Privacy Policy V5

§ 1 Who We Are and What We Do
LKK Together Development GmbH (hereinafter referred to as "Together"), located at Kärntnerstraße 521, 8054 Seierberg, is an active limited liability company operating a platform accessible at together-social.com. The Together app is a social network operated by LKK Together Development GmbH. Together combines a shared photo album with a social media platform. Users can create various albums with friends or family for different projects and experiences, capturing these memories in photos and videos to share according to their preferences. Together collects personal data to provide users with an enhanced service and to better address violations of community guidelines and terms of use. In providing our services, personal data is processed, and we inform you of this with this privacy policy. We comply with all data protection obligations and protect your data through digital security systems and technical measures.

§ 2 Who is Our Data Protection Officer
The responsible party according to Art. 4 para. 7 GDPR for compliance with the provisions of the GDPR and all other data protection regulations is: LKK Together Development GmbH Kärntnerstraße 521 8054 Seiersberg support@together-social.com You can assert your data protection concerns and especially your data protection rights with the data protection officer.

§ 3 General Information About the Processing of Personal Data, Storage, and Deletion of Processed Data

When using our services, we may collect and process the following categories of personal data:

Account & Profile Data:
a. First and last name
b. Username
c. Email address
d. Encrypted password
e. Selected interests

User-Generated Content & Interactions:
f. Photos and videos uploaded by the user, including captions
g. Emojis and comments posted by the user
h. Reactions to posts and other interactions
i. Accounts and pages the user subscribes to
j. Pages the user participates in
k. Posts viewed by the user
l. Reports or flags submitted by the user

Device & Technical Data:
m. Device type, operating system, app version
n. IP address and unique device identifiers
o. Browser information, time zone, and language settings
p. Crash data and diagnostic logs
q. In-app behavior and feature usage statistics

Location & Proximity Data:
r. Precise location data (if permission granted)
s. Movement and activity data (e.g., walking, traveling, stationary)
t. Nearby Wi-Fi networks and Bluetooth signals (for proximity detection)
u. Timestamps and contextual data at the time of media capture

Visual Content Analysis (AI-based):
v. Detected objects, patterns, or persons within uploaded media
w. Inferred context (e.g. shared events, similar backgrounds)
x. Grouping logic used to suggest participants of events

Communication & Support:
y. Support requests and direct communications
z. Optional feedback, surveys, or bug reports

Access to Contacts:

If you choose to grant access to your contacts, we may process:

  • Names and phone numbers in your address book

  • Email addresses (if available)

  • Matching results to suggest existing Together users or enable friend invitations

This data is matched in a privacy-preserving manner. It is not stored permanently, used for advertising, or shared with third parties. Contact access can be revoked at any time in your device settings.

Legal Basis and Purpose:

We process your personal data in accordance with:

  • Art. 6(1)(a) GDPR – consent (e.g., for gallery or contact access, AI analysis)

  • Art. 6(1)(b) GDPR – to fulfill our contract with you

  • Art. 6(1)(f) GDPR – our legitimate interest in providing and improving our service

  • Art. 9(2)(a) GDPR – when special categories of data are involved (e.g. facial features)

We use this data to operate and improve the app, detect shared experiences, personalize content, ensure performance and security, and comply with legal requirements

1. When using our website or the services offered through it, personal data may be processed. Personal data includes all information that relates to you personally (e.g., name, birth date, contact addresses, and much more). Personal data processing only occurs in compliance with legal provisions (e.g., GDPR). This privacy information aims to provide all necessary information under Art. 13ff GDPR.

2. Contact data, profile data, account information, customer reviews, user data, verification data (identity check through IDs), payment information, company data, location information, and tax data may be processed. The purpose is to enable you to use our internet services.

3.When using Together, we generally collect and store your personal data only to the extent necessary to provide our service and payment service. This applies to customer data. When you create a customer account or profile, we process and store the data you entered in the input mask necessary for providing our services.

4. If you contact us via email, contact form, or other electronic means, the data you provide will also be processed and stored for the intended processing purposes, provided this is necessary.

5. In providing our services, it may be necessary to share your personal data with third parties.

6. Our database is managed by Microsoft Azure. Microsoft Azure is thus our data processor under GDPR. Microsoft Azure has committed to complying with all data protection regulations and can only access the data you provide and store to fulfill your order.

7. Beyond the legal and factual necessity of data sharing, data is not shared with third parties without your consent or your own action. Also, data is only shared with authorized state institutions and authorities within the scope of legal disclosure obligations or if we are required to provide information by court decision or official order. Data is not transferred to third countries without your consent or explicit request.

8. After terminating your membership with Together, your data remains stored only as long as legal retention obligations exist (e.g., 7 years according to the Austrian Business Code) or it is necessary for legal proof, although we observe the principle of data minimization. If you have created a customer profile, the data remains stored for your own use and interest until you cancel the profile or request deletion. Exceptions are data that cannot or may not be deleted due to legal retention reasons.

9. The purpose of our data processing is to provide our services. By registering on our platform, you consent to the processing of the data you entered. We also have a legal interest in processing if you wish to use our platform.
If you want to register on our platform, we use the so-called double opt-in procedure to complete the registration process. This means we send you an sms to the provided phone number after your registration, asking for confirmation to complete the registration and subsequent use. If you do not confirm your registration within a reasonable time, your information will be locked and automatically deleted after 30 days.

10. During the registration process, the user's name and phone number are collected. The user's selected interests are determined in the onboarding process of the Together app. Photos and videos uploaded by the user are stored by Together in the selected page after creation. Which user gave which emoji on which post is stored by Together when assigning to show the creator of the respective post. If a user clicks the subscribe button of an account or a page, Together remembers this to inform the user in the future when new posts are available. If a user views a post, Together remembers this to avoid displaying the post twice in the feed. If a user accepts a page invitation, Together stores this.

§ 4 Automated Collection of Personal Data When Accessing and Using Our Website

1. When accessing and visiting our website, personal data processed by your browser is transmitted to our server.
2. This includes the following data: IP address, user agent, date/time/number of requests, browser, operating system, language, and version of the browser software, request information, or information on transferred data volume.
3. Data collection is for technical reasons so you can view our website without restrictions. It also serves to perform error analysis and ensure the website's stability and security.
4. The information is temporarily stored in a so-called log file and deleted after 30 days. The following data is stored in the named log file:
• the complete internet address (URL) of the accessed website
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL - e.g., https:// www.example.com/fromhereicame/)
• the hostname and IP address of the device from which access is made (e.g., 
5. COMPUTERNAME and 194.23.43.121)
• date and time

§ 5 Processing of Personal Data
When Using Our Platform as a Customer Registration process/steps for creating a profile as a customer:
a) The user enters their data. Here, the required fields are to be entered or the
Together terms confirmed:
• First name
• Last name
• Phone number
• Confirmation for marketing emails, community guidelines, terms of use, and privacy policy b) Data is sent to a Microsoft Azure server by our data processor and then a user is created in the Together database.
• Company: Microsoft Corporation
• Email: customers@microsoft.com
• Address: https://www.microsoft.com
• Location: Redmond, WA 98052-6399, USA
All data listed here is mandatory for creating a profile. All other data (see profile data, media) is optional; however, a profile as a location or service provider becomes visible to end customers or the public only after it is completed based on the mandatory fields defined by Together. This data is stored until the user requests deletion or the data is no longer needed.

1. To create a customer account, the personal data listed under § 5a is processed. You can then specify a password, with registration completed through email confirmation and link activation. To enable you to use the platform and profile, these and all other data you provide are stored and processed. After registration, you can set up your customer profile.
2. If you unsubscribe from our platform as a user, the collected data will be deleted, provided we are not legally required to retain it.
3. When you use our platform as a registered customer, your user data appears to other registered users. This includes profile data (customer type, etc.); your profile picture, if you upload one; and other self-published data. Third parties cannot view your contact data disclosed to us unless you publish it yourself or share it with those third parties.
4. When you use our platform's search options as a customer, you determine what data you want to search for.
5. For your own better overview, we store your activities on our platform in your account, providing a historical overview of your activities on our platform. This involves processing user data.

§ 6 Data Processing
When Contacting Us Via Support Form or Email If you contact us electronically, e.g., via email or support form, and this contains a request for processing, e.g., because you have questions about existing bookings or are applying for a job with us, additional personal data contained in your request may be processed and stored as necessary. We will store the data as long as necessary for processing, or as legally required, or as deemed necessary for legal reasons.

§ 7 Processing of Data for Artificial Intelligence (AI) Features
Together uses artificial intelligence (AI) to provide its core functionality. The AI system automatically analyzes and groups photos and videos based on shared experiences among users, enabling collaborative albums and a social experience from multiple perspectives. Without this AI functionality, the app cannot be used.

Scope and Type of AI Processing
To detect shared experiences and generate smart album suggestions, the AI system processes:

  • Timestamps and location metadata of media

  • Visual image content (e.g. faces, backgrounds, visual similarity)

  • Device context data such as Wi-Fi networks, Bluetooth signals, and motion patterns

  • User interactions (e.g. reactions, posts, shared albums)

  • Inferred relationships between users based on mutual activity and media

Some of this data may be processed directly on the user’s device (“on-device processing”) to improve performance and privacy. Other data is processed on secure cloud servers.

Training and Improvement of AI Models
The AI models used by Together may be continuously improved using user data, including uploaded photos, usage patterns, and interaction data. This training is performed in a privacy-preserving manner and may involve both on-device learning and centralized training on our servers. The purpose is to enhance the accuracy and quality of AI-driven features for all users.

Legal Basis for AI Processing
The legal basis for this data processing includes:

  • Art. 6 para. 1 lit. b GDPR (performance of a contract), as AI functionality is essential for the app’s core features

  • Art. 6 para. 1 lit. a GDPR (consent), for training AI systems and analyzing sensitive image content

  • Art. 6 para. 1 lit. f GDPR (legitimate interests), for improving the user experience and ensuring accurate AI behavior

  • Art. 9 para. 2 lit. a GDPR, when processing special categories of personal data such as facial features within images

No Solely Automated Decisions with Legal Effect
Together does not make decisions that produce legal effects or similarly significant consequences solely based on automated processing, including profiling, unless legally required and with appropriate safeguards.

Data Transfers and Location of Processing
AI processing is conducted on both European and international infrastructure. Some data may be transferred to countries outside the European Union, including the United States, particularly when using services such as Google Cloud, Cloudflare and Microsoft Azure. These transfers are safeguarded using the European Commission’s Standard Contractual Clauses (SCCs) and other lawful mechanisms.

User Rights and Opt-Out
Since the AI functionality is essential to the operation of the Together app, opting out of this processing is not possible without disabling the service entirely. However, users retain the right to access, rectify, and request deletion of data, and to obtain further information about how AI-driven decisions are made.

§ 8 Cookies
Our website uses "cookies." These are small text files stored on your device using the browser. They do no harm and cannot access your programs. The use of cookies aims to provide us with certain information and to make our internet offering more user-friendly and effective. Our website uses "session cookies," temporarily stored on your device and automatically deleted when you close your browser. Additionally, we use "persistent cookies" on our website, stored on your device to recognize your browser upon a return visit. Using certain cookies is necessary for the functionality of our website and technically necessary to use the website's offering without restrictions and ensure stability (so-called "technical cookies"). Using technically necessary cookies serves to maintain our website's functionality, making the data processing by using these cookies required to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR). No explicit consent is required for using technically necessary cookies according to the mentioned provision. In addition to these technically necessary cookies, "non-essential cookies" are used on our website for the tracking and analysis tools mentioned under § 7. These cookies allow us to evaluate and better understand your interests. Using such cookies and services enables us to make our online offering more needs-based and effective and target our users with offers. You can choose your browser settings to be informed about the setting of cookies and decide individually whether to accept them in specific cases or generally reject them. Rejecting cookies may restrict the functionality of our website. If you disagree with using cookies, you can refuse or disable this feature in your browser settings.

§ 9 Tracking and Analysis
This website uses the following web analytics and tracking tools. Using these services enables us to optimize the website's offering, design, and usage. Using these analysis and tracking services also serves to statistically capture and evaluate website usage. This is done by using cookies (§ 9), small text files stored on your device, and enabling analysis of your website use. Thus, this processing activity pursues a legitimate interest within the meaning of Article 6 para. 1 lit. f GDPR. Using web analytics and tracking tools leads to the transmission and storage of information about your website use on a server of the provider. If you disagree with this use, you can disable this feature in your browser settings.

§ 10 Google Analytics
Our website optionally uses the web analysis service "Google Analytics" by Google LLC (hereinafter "Google"). Google Analytics uses cookies to analyze user website activity. The information generated by cookies (e.g., IP address, browser information, operating system, referrer URL, server request time) is usually transmitted to a Google server in the USA and stored there. Google uses this information to evaluate website use, compile reports on website activity for operators, and provide other services related to website and internet use for market research and website design purposes. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. The IP addresses collected by Google Analytics will not be linked with other Google information. IP address collection can be prevented by activating IP anonymization on this website, within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted. You can prevent the storage of cookies by appropriately adjusting your browser software settings. In this case, some website functions may not be available. Furthermore, you can prevent Google from collecting and processing the data generated by cookies and related to your website use (including your IP address) by installing the corresponding browser software (browser plug-ins).

§ 11 Meta Pixel and Custom Audiences
Our platform uses the "Meta Pixel" service by Meta Platforms Inc. (hereinafter "Meta") for optional analysis and optimization. Meta operates, among other things, the social media platform "Facebook." Using Meta Pixel and Custom Audiences ensures that our Facebook advertising activities only show to potential interested parties and are not intrusive. With the service's help, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by logging whether users were redirected to our website after clicking a Facebook ad.

§ 12 YouTube
Some pages of our website include videos and content from the "YouTube" platform, stored at http://www.YouTube.com and viewable or accessible from our website. YouTube is a video platform by YouTube LLC, a subsidiary of Google LLC. Videos are embedded using the so-called two-click solution or extended data protection mode. This means that no personal data is initially transmitted to YouTube when visiting our website. Only when you activate the video by clicking does YouTube receive the information that you accessed the corresponding subpage of our website. Furthermore, information such as IP address, date, and time of the request; time zone difference to Greenwich Mean Time; content of the request (specific website); access status/HTTP status code; transferred data volume; website from which the request comes, browser; operating system, its interface, and language and version of the browser software are transmitted. The transmission of information occurs regardless of whether the user has an account on the YouTube platform and is logged in. If you are logged into Google, your data is directly assigned to your account. If you do not want your information collected by YouTube to be linked to your account, you must log out before activating the button. In the case of an existing account, YouTube can use the collected information, in particular, to contextualize and personalize advertising activities on its platform. The data stored by YouTube is used to create user profiles, for advertising purposes, market research, and/or the platform's needs-based design, regardless of whether an account exists. The collected information is evaluated, particularly to provide demand-oriented advertising and to inform other users about your activities on our website. You have the right to object to such user profiling, for which you must contact YouTube to exercise this right. More information about the purpose and scope of data collection and processing by YouTube can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de). There you will also find more information about your rights and settings to protect your privacy.

§ 13 Newsletter
With your consent, you can subscribe to our newsletter. This allows us to inform you about our services and offers and keep you updated. We use the double opt-in procedure to register for our newsletter. This means we send you an email to the provided email address after your registration, asking for confirmation to receive the newsletter. If you do not confirm your registration within a reasonable time, your information will be locked and automatically deleted after one month. Additionally, we store your used IP addresses and registration and confirmation times. The purpose of this procedure is to verify your registration and clarify any possible misuse of your data. After your confirmation, we store your email address to send you the newsletter. You can withdraw your consent to receive the newsletter at any time and unsubscribe from it. You can declare your revocation by clicking the link provided in every newsletter email, emailing support@together-social.com, or using the contact information provided in the imprint on our homepage. As a data subject under GDPR, you have the right to rectification, erasure, restriction, and objection regarding your personal data use, according to Art. 16 ff GDPR. To exercise your rights, please contact our data protection officer (§ 2). If you believe that processing your data violates data protection law or your data protection rights have been infringed, you can contact the supervisory authority and lodge a complaint.

§ 14 Use of Cloud Solutions
According to legal requirements, we inform you that we use the following cloud solutions: Microsoft Azure is a cloud platform that receives your full name, email address, and password in encrypted form. The privacy policy of Microsoft Azure can be found at: https://privacy.microsoft.com/de-de/privacystatement. Cloudflare is a cloud platform that receives your uploaded media. The privacy policy of Cloudflare can be found at: https://www.cloudflare.com/de-de/privacypolicy/

Google Workspace is used for sending emails and internally storing Together's documents to ensure business operations. Terms of use: https://workspace.google.com/intl/de/terms/premier_terms.html Meta Business Manager is used for communication between users and Together. Terms of use: https://www.facebook.com/legal/terms/businesstools 

§ 15 Your Data Protection Rights
As a person affected by data collection and processing under GDPR, you have the following rights, which we explain below in accordance with the GDPR:

  • Right to confidentiality

  • Right to information (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 GDPR)

  1. To exercise your rights, please contact the person responsible under § 2 (Email: support@together-social.com). This person is also available for questions and further explanations.

  2. If you believe there has been a data protection violation by us, you can file a complaint with the data protection authority/supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna).

  3. If you have consented to receive newsletters, you have the right to revoke this consent at any time.

Following are your data protection rights:
§ 16 Right of Access by the Data Subject (corresponds to Art. 15 GDPR)
(1) The data subject has the right to obtain confirmation from the controller as to whether personal data concerning them is being processed; if so, they have the right to access this personal data and the following information:

(2) If personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards under Article 46 GDPR relating to the transfer.

(3) The controller provides a copy of the personal data undergoing processing. For any additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request electronically, the information must be provided in a commonly used electronic format unless otherwise requested.

(4) The right to obtain a copy under paragraph 1b must not adversely affect the rights and freedoms of others.

§ 17 Right to Rectification (corresponds to Art. 16 GDPR)
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the processing purposes, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
a) the purposes of the processing;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the data subject, any available information as to its source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

For the purposes of processing, the data subject has the right to request the completion of incomplete personal data - even by means of a supplementary declaration.

§ 18 Right to erasure ("Right to be Forgotten") (corresponding to Article 17 GDPR)
(1) The data subject has the right to demand from the controller the immediate deletion of personal data concerning them, and the controller is obliged to delete personal data immediately if one of the following reasons applies:

(2) If the controller has made the personal data public and is obliged to delete it according to paragraph 1, the controller must take appropriate measures, including technical measures, to inform other data controllers processing the personal data that the data subject has requested the deletion of all links to, or copies or replications of, those personal data.

(3) Paragraphs 1 and 2 do not apply to the extent that processing is necessary:

a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject withdraws their consent, which was the basis for processing according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
c) The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
d) The personal data have been unlawfully processed.
e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data have been collected in relation to services offered by the information society according to Article 8(1) GDPR.

These exceptions also apply to processing:
a) for the exercise of the right to freedom of expression and information;
b) for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health according to Article 9(2)(h) and (i) GDPR and Article 9(3) GDPR.

§ 19 Right to Restriction of Processing (corresponds to Art. 18 GDPR)
(1) The data subject has the right to obtain from the controller the restriction of processing if one of the following applies: 
a) The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data; 
b) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; 
c) The controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims; 
d) The data subject has objected to processing pursuant to Article 21 para. 1 GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject. 

(2) If processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. 

(3) A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted.

§ 20 Right to Data Portability (corresponds to Art. 20 GDPR)
(1) The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and they have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
a) The processing is based on consent pursuant to Article 6 para. 1 letter a GDPR or Article 9 para. 2 letter a GDPR or on a contract pursuant to Article 6 para. 1 letter b GDPR; and
b) The processing is carried out by automated means. 

(2) In exercising their right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

(3) Exercising the right under paragraph 1 of this Article shall not adversely affect Article 17 GDPR. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 

(4) The right pursuant to paragraph 2 must not adversely affect the rights and freedoms of others.

§ 21 Right to Object (corresponds to Art. 21 GDPR)
(1) The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6 para. 1 letters e or f GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
(2) Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
(3) If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
(4) The data subject must be explicitly informed of the right referred to in paragraphs 1 and 2 at the latest at the time of the first communication with them; this information shall be presented clearly and separately from any other information.
(5) In the context of using information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.
(6) Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 para. 1, the data subject has the right, on grounds relating to their particular situation, to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

§ 22 Automated Individual Decision-Making, Including Profiling (corresponds to Art. 22 GDPR)
(1) The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
(2) Paragraph 1 does not apply if the decision:
a) Is necessary for entering into, or performance of, a contract between the data subject and a data controller;
b) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c) Is based on the data subject's explicit consent.
(3) In the cases referred to in paragraph 2 letters a and c, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.
(4) Decisions referred to in paragraph 2 must not be based on special categories of personal data referred to in Article 9 para. 1, unless Article 9 para. 2 letter a or g applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

§ 23 Service Providers:
To provide you with our services, we collaborate with a select group of trusted partners. These partners assist us with technical and hosting support, sending notifications, publishing and sharing content, conducting user analytics and satisfaction surveys, managing security incidents, preventing fraudulent activities, and more. In order to deliver our services effectively, we may share your information with these partners as necessary. The table below lists our service providers:

Who/What:
Google Cloud —> Cloud Services
Firebase —> Cloud Services
One Signal —> Push Notifications
Cloudflare —> Cloud Services
Google Worspace —> Team communication
Meta Business Manager —> Advertising
Google Crashlytics —> Data analytics
Atlassian —> Team communication
GitHub —> Code Management
Figma —> Design Tool
Intelliy —> IDE
Postman —> Debugging Tool
Adobe —> Design Tool
OpenAI —> AI Tools
Google Fonts —> Provision of Webfonts
1Password —> Security Tool
Google Ads —> Advertising
Google Analytics —> Data analytics

Privacy Policy V5

§ 1 Who We Are and What We Do
LKK Together Development GmbH (hereinafter referred to as "Together"), located at Kärntnerstraße 521, 8054 Seierberg, is an active limited liability company operating a platform accessible at together-social.com. The Together app is a social network operated by LKK Together Development GmbH. Together combines a shared photo album with a social media platform. Users can create various albums with friends or family for different projects and experiences, capturing these memories in photos and videos to share according to their preferences. Together collects personal data to provide users with an enhanced service and to better address violations of community guidelines and terms of use. In providing our services, personal data is processed, and we inform you of this with this privacy policy. We comply with all data protection obligations and protect your data through digital security systems and technical measures.

§ 2 Who is Our Data Protection Officer
The responsible party according to Art. 4 para. 7 GDPR for compliance with the provisions of the GDPR and all other data protection regulations is: LKK Together Development GmbH Kärntnerstraße 521 8054 Seiersberg support@together-social.com You can assert your data protection concerns and especially your data protection rights with the data protection officer.

§ 3 General Information About the Processing of Personal Data, Storage, and Deletion of Processed Data

When using our services, we may collect and process the following categories of personal data:

Account & Profile Data:
a. First and last name
b. Username
c. Email address
d. Encrypted password
e. Selected interests

User-Generated Content & Interactions:
f. Photos and videos uploaded by the user, including captions
g. Emojis and comments posted by the user
h. Reactions to posts and other interactions
i. Accounts and pages the user subscribes to
j. Pages the user participates in
k. Posts viewed by the user
l. Reports or flags submitted by the user

Device & Technical Data:
m. Device type, operating system, app version
n. IP address and unique device identifiers
o. Browser information, time zone, and language settings
p. Crash data and diagnostic logs
q. In-app behavior and feature usage statistics

Location & Proximity Data:
r. Precise location data (if permission granted)
s. Movement and activity data (e.g., walking, traveling, stationary)
t. Nearby Wi-Fi networks and Bluetooth signals (for proximity detection)
u. Timestamps and contextual data at the time of media capture

Visual Content Analysis (AI-based):
v. Detected objects, patterns, or persons within uploaded media
w. Inferred context (e.g. shared events, similar backgrounds)
x. Grouping logic used to suggest participants of events

Communication & Support:
y. Support requests and direct communications
z. Optional feedback, surveys, or bug reports

Access to Contacts:

If you choose to grant access to your contacts, we may process:

  • Names and phone numbers in your address book

  • Email addresses (if available)

  • Matching results to suggest existing Together users or enable friend invitations

This data is matched in a privacy-preserving manner. It is not stored permanently, used for advertising, or shared with third parties. Contact access can be revoked at any time in your device settings.

Legal Basis and Purpose:

We process your personal data in accordance with:

  • Art. 6(1)(a) GDPR – consent (e.g., for gallery or contact access, AI analysis)

  • Art. 6(1)(b) GDPR – to fulfill our contract with you

  • Art. 6(1)(f) GDPR – our legitimate interest in providing and improving our service

  • Art. 9(2)(a) GDPR – when special categories of data are involved (e.g. facial features)

We use this data to operate and improve the app, detect shared experiences, personalize content, ensure performance and security, and comply with legal requirements

1. When using our website or the services offered through it, personal data may be processed. Personal data includes all information that relates to you personally (e.g., name, birth date, contact addresses, and much more). Personal data processing only occurs in compliance with legal provisions (e.g., GDPR). This privacy information aims to provide all necessary information under Art. 13ff GDPR.

2. Contact data, profile data, account information, customer reviews, user data, verification data (identity check through IDs), payment information, company data, location information, and tax data may be processed. The purpose is to enable you to use our internet services.

3.When using Together, we generally collect and store your personal data only to the extent necessary to provide our service and payment service. This applies to customer data. When you create a customer account or profile, we process and store the data you entered in the input mask necessary for providing our services.

4. If you contact us via email, contact form, or other electronic means, the data you provide will also be processed and stored for the intended processing purposes, provided this is necessary.

5. In providing our services, it may be necessary to share your personal data with third parties.

6. Our database is managed by Microsoft Azure. Microsoft Azure is thus our data processor under GDPR. Microsoft Azure has committed to complying with all data protection regulations and can only access the data you provide and store to fulfill your order.

7. Beyond the legal and factual necessity of data sharing, data is not shared with third parties without your consent or your own action. Also, data is only shared with authorized state institutions and authorities within the scope of legal disclosure obligations or if we are required to provide information by court decision or official order. Data is not transferred to third countries without your consent or explicit request.

8. After terminating your membership with Together, your data remains stored only as long as legal retention obligations exist (e.g., 7 years according to the Austrian Business Code) or it is necessary for legal proof, although we observe the principle of data minimization. If you have created a customer profile, the data remains stored for your own use and interest until you cancel the profile or request deletion. Exceptions are data that cannot or may not be deleted due to legal retention reasons.

9. The purpose of our data processing is to provide our services. By registering on our platform, you consent to the processing of the data you entered. We also have a legal interest in processing if you wish to use our platform.
If you want to register on our platform, we use the so-called double opt-in procedure to complete the registration process. This means we send you an sms to the provided phone number after your registration, asking for confirmation to complete the registration and subsequent use. If you do not confirm your registration within a reasonable time, your information will be locked and automatically deleted after 30 days.

10. During the registration process, the user's name and phone number are collected. The user's selected interests are determined in the onboarding process of the Together app. Photos and videos uploaded by the user are stored by Together in the selected page after creation. Which user gave which emoji on which post is stored by Together when assigning to show the creator of the respective post. If a user clicks the subscribe button of an account or a page, Together remembers this to inform the user in the future when new posts are available. If a user views a post, Together remembers this to avoid displaying the post twice in the feed. If a user accepts a page invitation, Together stores this.

§ 4 Automated Collection of Personal Data When Accessing and Using Our Website

1. When accessing and visiting our website, personal data processed by your browser is transmitted to our server.
2. This includes the following data: IP address, user agent, date/time/number of requests, browser, operating system, language, and version of the browser software, request information, or information on transferred data volume.
3. Data collection is for technical reasons so you can view our website without restrictions. It also serves to perform error analysis and ensure the website's stability and security.
4. The information is temporarily stored in a so-called log file and deleted after 30 days. The following data is stored in the named log file:
• the complete internet address (URL) of the accessed website
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL - e.g., https:// www.example.com/fromhereicame/)
• the hostname and IP address of the device from which access is made (e.g., 
5. COMPUTERNAME and 194.23.43.121)
• date and time

§ 5 Processing of Personal Data
When Using Our Platform as a Customer Registration process/steps for creating a profile as a customer:
a) The user enters their data. Here, the required fields are to be entered or the
Together terms confirmed:
• First name
• Last name
• Phone number
• Confirmation for marketing emails, community guidelines, terms of use, and privacy policy b) Data is sent to a Microsoft Azure server by our data processor and then a user is created in the Together database.
• Company: Microsoft Corporation
• Email: customers@microsoft.com
• Address: https://www.microsoft.com
• Location: Redmond, WA 98052-6399, USA
All data listed here is mandatory for creating a profile. All other data (see profile data, media) is optional; however, a profile as a location or service provider becomes visible to end customers or the public only after it is completed based on the mandatory fields defined by Together. This data is stored until the user requests deletion or the data is no longer needed.

1. To create a customer account, the personal data listed under § 5a is processed. You can then specify a password, with registration completed through email confirmation and link activation. To enable you to use the platform and profile, these and all other data you provide are stored and processed. After registration, you can set up your customer profile.
2. If you unsubscribe from our platform as a user, the collected data will be deleted, provided we are not legally required to retain it.
3. When you use our platform as a registered customer, your user data appears to other registered users. This includes profile data (customer type, etc.); your profile picture, if you upload one; and other self-published data. Third parties cannot view your contact data disclosed to us unless you publish it yourself or share it with those third parties.
4. When you use our platform's search options as a customer, you determine what data you want to search for.
5. For your own better overview, we store your activities on our platform in your account, providing a historical overview of your activities on our platform. This involves processing user data.

§ 6 Data Processing
When Contacting Us Via Support Form or Email If you contact us electronically, e.g., via email or support form, and this contains a request for processing, e.g., because you have questions about existing bookings or are applying for a job with us, additional personal data contained in your request may be processed and stored as necessary. We will store the data as long as necessary for processing, or as legally required, or as deemed necessary for legal reasons.

§ 7 Processing of Data for Artificial Intelligence (AI) Features
Together uses artificial intelligence (AI) to provide its core functionality. The AI system automatically analyzes and groups photos and videos based on shared experiences among users, enabling collaborative albums and a social experience from multiple perspectives. Without this AI functionality, the app cannot be used.

Scope and Type of AI Processing
To detect shared experiences and generate smart album suggestions, the AI system processes:

  • Timestamps and location metadata of media

  • Visual image content (e.g. faces, backgrounds, visual similarity)

  • Device context data such as Wi-Fi networks, Bluetooth signals, and motion patterns

  • User interactions (e.g. reactions, posts, shared albums)

  • Inferred relationships between users based on mutual activity and media

Some of this data may be processed directly on the user’s device (“on-device processing”) to improve performance and privacy. Other data is processed on secure cloud servers.

Training and Improvement of AI Models
The AI models used by Together may be continuously improved using user data, including uploaded photos, usage patterns, and interaction data. This training is performed in a privacy-preserving manner and may involve both on-device learning and centralized training on our servers. The purpose is to enhance the accuracy and quality of AI-driven features for all users.

Legal Basis for AI Processing
The legal basis for this data processing includes:

  • Art. 6 para. 1 lit. b GDPR (performance of a contract), as AI functionality is essential for the app’s core features

  • Art. 6 para. 1 lit. a GDPR (consent), for training AI systems and analyzing sensitive image content

  • Art. 6 para. 1 lit. f GDPR (legitimate interests), for improving the user experience and ensuring accurate AI behavior

  • Art. 9 para. 2 lit. a GDPR, when processing special categories of personal data such as facial features within images

No Solely Automated Decisions with Legal Effect
Together does not make decisions that produce legal effects or similarly significant consequences solely based on automated processing, including profiling, unless legally required and with appropriate safeguards.

Data Transfers and Location of Processing
AI processing is conducted on both European and international infrastructure. Some data may be transferred to countries outside the European Union, including the United States, particularly when using services such as Google Cloud, Cloudflare and Microsoft Azure. These transfers are safeguarded using the European Commission’s Standard Contractual Clauses (SCCs) and other lawful mechanisms.

User Rights and Opt-Out
Since the AI functionality is essential to the operation of the Together app, opting out of this processing is not possible without disabling the service entirely. However, users retain the right to access, rectify, and request deletion of data, and to obtain further information about how AI-driven decisions are made.

§ 8 Cookies
Our website uses "cookies." These are small text files stored on your device using the browser. They do no harm and cannot access your programs. The use of cookies aims to provide us with certain information and to make our internet offering more user-friendly and effective. Our website uses "session cookies," temporarily stored on your device and automatically deleted when you close your browser. Additionally, we use "persistent cookies" on our website, stored on your device to recognize your browser upon a return visit. Using certain cookies is necessary for the functionality of our website and technically necessary to use the website's offering without restrictions and ensure stability (so-called "technical cookies"). Using technically necessary cookies serves to maintain our website's functionality, making the data processing by using these cookies required to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR). No explicit consent is required for using technically necessary cookies according to the mentioned provision. In addition to these technically necessary cookies, "non-essential cookies" are used on our website for the tracking and analysis tools mentioned under § 7. These cookies allow us to evaluate and better understand your interests. Using such cookies and services enables us to make our online offering more needs-based and effective and target our users with offers. You can choose your browser settings to be informed about the setting of cookies and decide individually whether to accept them in specific cases or generally reject them. Rejecting cookies may restrict the functionality of our website. If you disagree with using cookies, you can refuse or disable this feature in your browser settings.

§ 9 Tracking and Analysis
This website uses the following web analytics and tracking tools. Using these services enables us to optimize the website's offering, design, and usage. Using these analysis and tracking services also serves to statistically capture and evaluate website usage. This is done by using cookies (§ 9), small text files stored on your device, and enabling analysis of your website use. Thus, this processing activity pursues a legitimate interest within the meaning of Article 6 para. 1 lit. f GDPR. Using web analytics and tracking tools leads to the transmission and storage of information about your website use on a server of the provider. If you disagree with this use, you can disable this feature in your browser settings.

§ 10 Google Analytics
Our website optionally uses the web analysis service "Google Analytics" by Google LLC (hereinafter "Google"). Google Analytics uses cookies to analyze user website activity. The information generated by cookies (e.g., IP address, browser information, operating system, referrer URL, server request time) is usually transmitted to a Google server in the USA and stored there. Google uses this information to evaluate website use, compile reports on website activity for operators, and provide other services related to website and internet use for market research and website design purposes. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. The IP addresses collected by Google Analytics will not be linked with other Google information. IP address collection can be prevented by activating IP anonymization on this website, within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted. You can prevent the storage of cookies by appropriately adjusting your browser software settings. In this case, some website functions may not be available. Furthermore, you can prevent Google from collecting and processing the data generated by cookies and related to your website use (including your IP address) by installing the corresponding browser software (browser plug-ins).

§ 11 Meta Pixel and Custom Audiences
Our platform uses the "Meta Pixel" service by Meta Platforms Inc. (hereinafter "Meta") for optional analysis and optimization. Meta operates, among other things, the social media platform "Facebook." Using Meta Pixel and Custom Audiences ensures that our Facebook advertising activities only show to potential interested parties and are not intrusive. With the service's help, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by logging whether users were redirected to our website after clicking a Facebook ad.

§ 12 YouTube
Some pages of our website include videos and content from the "YouTube" platform, stored at http://www.YouTube.com and viewable or accessible from our website. YouTube is a video platform by YouTube LLC, a subsidiary of Google LLC. Videos are embedded using the so-called two-click solution or extended data protection mode. This means that no personal data is initially transmitted to YouTube when visiting our website. Only when you activate the video by clicking does YouTube receive the information that you accessed the corresponding subpage of our website. Furthermore, information such as IP address, date, and time of the request; time zone difference to Greenwich Mean Time; content of the request (specific website); access status/HTTP status code; transferred data volume; website from which the request comes, browser; operating system, its interface, and language and version of the browser software are transmitted. The transmission of information occurs regardless of whether the user has an account on the YouTube platform and is logged in. If you are logged into Google, your data is directly assigned to your account. If you do not want your information collected by YouTube to be linked to your account, you must log out before activating the button. In the case of an existing account, YouTube can use the collected information, in particular, to contextualize and personalize advertising activities on its platform. The data stored by YouTube is used to create user profiles, for advertising purposes, market research, and/or the platform's needs-based design, regardless of whether an account exists. The collected information is evaluated, particularly to provide demand-oriented advertising and to inform other users about your activities on our website. You have the right to object to such user profiling, for which you must contact YouTube to exercise this right. More information about the purpose and scope of data collection and processing by YouTube can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de). There you will also find more information about your rights and settings to protect your privacy.

§ 13 Newsletter
With your consent, you can subscribe to our newsletter. This allows us to inform you about our services and offers and keep you updated. We use the double opt-in procedure to register for our newsletter. This means we send you an email to the provided email address after your registration, asking for confirmation to receive the newsletter. If you do not confirm your registration within a reasonable time, your information will be locked and automatically deleted after one month. Additionally, we store your used IP addresses and registration and confirmation times. The purpose of this procedure is to verify your registration and clarify any possible misuse of your data. After your confirmation, we store your email address to send you the newsletter. You can withdraw your consent to receive the newsletter at any time and unsubscribe from it. You can declare your revocation by clicking the link provided in every newsletter email, emailing support@together-social.com, or using the contact information provided in the imprint on our homepage. As a data subject under GDPR, you have the right to rectification, erasure, restriction, and objection regarding your personal data use, according to Art. 16 ff GDPR. To exercise your rights, please contact our data protection officer (§ 2). If you believe that processing your data violates data protection law or your data protection rights have been infringed, you can contact the supervisory authority and lodge a complaint.

§ 14 Use of Cloud Solutions
According to legal requirements, we inform you that we use the following cloud solutions: Microsoft Azure is a cloud platform that receives your full name, email address, and password in encrypted form. The privacy policy of Microsoft Azure can be found at: https://privacy.microsoft.com/de-de/privacystatement. Cloudflare is a cloud platform that receives your uploaded media. The privacy policy of Cloudflare can be found at: https://www.cloudflare.com/de-de/privacypolicy/

Google Workspace is used for sending emails and internally storing Together's documents to ensure business operations. Terms of use: https://workspace.google.com/intl/de/terms/premier_terms.html Meta Business Manager is used for communication between users and Together. Terms of use: https://www.facebook.com/legal/terms/businesstools 

§ 15 Your Data Protection Rights
As a person affected by data collection and processing under GDPR, you have the following rights, which we explain below in accordance with the GDPR:

  • Right to confidentiality

  • Right to information (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 GDPR)

  1. To exercise your rights, please contact the person responsible under § 2 (Email: support@together-social.com). This person is also available for questions and further explanations.

  2. If you believe there has been a data protection violation by us, you can file a complaint with the data protection authority/supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna).

  3. If you have consented to receive newsletters, you have the right to revoke this consent at any time.

Following are your data protection rights:
§ 16 Right of Access by the Data Subject (corresponds to Art. 15 GDPR)
(1) The data subject has the right to obtain confirmation from the controller as to whether personal data concerning them is being processed; if so, they have the right to access this personal data and the following information:

(2) If personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards under Article 46 GDPR relating to the transfer.

(3) The controller provides a copy of the personal data undergoing processing. For any additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request electronically, the information must be provided in a commonly used electronic format unless otherwise requested.

(4) The right to obtain a copy under paragraph 1b must not adversely affect the rights and freedoms of others.

§ 17 Right to Rectification (corresponds to Art. 16 GDPR)
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the processing purposes, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
a) the purposes of the processing;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the data subject, any available information as to its source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

For the purposes of processing, the data subject has the right to request the completion of incomplete personal data - even by means of a supplementary declaration.

§ 18 Right to erasure ("Right to be Forgotten") (corresponding to Article 17 GDPR)
(1) The data subject has the right to demand from the controller the immediate deletion of personal data concerning them, and the controller is obliged to delete personal data immediately if one of the following reasons applies:

(2) If the controller has made the personal data public and is obliged to delete it according to paragraph 1, the controller must take appropriate measures, including technical measures, to inform other data controllers processing the personal data that the data subject has requested the deletion of all links to, or copies or replications of, those personal data.

(3) Paragraphs 1 and 2 do not apply to the extent that processing is necessary:

a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject withdraws their consent, which was the basis for processing according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
c) The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
d) The personal data have been unlawfully processed.
e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data have been collected in relation to services offered by the information society according to Article 8(1) GDPR.

These exceptions also apply to processing:
a) for the exercise of the right to freedom of expression and information;
b) for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health according to Article 9(2)(h) and (i) GDPR and Article 9(3) GDPR.

§ 19 Right to Restriction of Processing (corresponds to Art. 18 GDPR)
(1) The data subject has the right to obtain from the controller the restriction of processing if one of the following applies: 
a) The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data; 
b) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; 
c) The controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims; 
d) The data subject has objected to processing pursuant to Article 21 para. 1 GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject. 

(2) If processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. 

(3) A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted.

§ 20 Right to Data Portability (corresponds to Art. 20 GDPR)
(1) The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and they have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
a) The processing is based on consent pursuant to Article 6 para. 1 letter a GDPR or Article 9 para. 2 letter a GDPR or on a contract pursuant to Article 6 para. 1 letter b GDPR; and
b) The processing is carried out by automated means. 

(2) In exercising their right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

(3) Exercising the right under paragraph 1 of this Article shall not adversely affect Article 17 GDPR. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 

(4) The right pursuant to paragraph 2 must not adversely affect the rights and freedoms of others.

§ 21 Right to Object (corresponds to Art. 21 GDPR)
(1) The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6 para. 1 letters e or f GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
(2) Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
(3) If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
(4) The data subject must be explicitly informed of the right referred to in paragraphs 1 and 2 at the latest at the time of the first communication with them; this information shall be presented clearly and separately from any other information.
(5) In the context of using information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.
(6) Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 para. 1, the data subject has the right, on grounds relating to their particular situation, to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

§ 22 Automated Individual Decision-Making, Including Profiling (corresponds to Art. 22 GDPR)
(1) The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
(2) Paragraph 1 does not apply if the decision:
a) Is necessary for entering into, or performance of, a contract between the data subject and a data controller;
b) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c) Is based on the data subject's explicit consent.
(3) In the cases referred to in paragraph 2 letters a and c, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.
(4) Decisions referred to in paragraph 2 must not be based on special categories of personal data referred to in Article 9 para. 1, unless Article 9 para. 2 letter a or g applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

§ 23 Service Providers:
To provide you with our services, we collaborate with a select group of trusted partners. These partners assist us with technical and hosting support, sending notifications, publishing and sharing content, conducting user analytics and satisfaction surveys, managing security incidents, preventing fraudulent activities, and more. In order to deliver our services effectively, we may share your information with these partners as necessary. The table below lists our service providers:

Who/What:
Google Cloud —> Cloud Services
Firebase —> Cloud Services
One Signal —> Push Notifications
Cloudflare —> Cloud Services
Google Worspace —> Team communication
Meta Business Manager —> Advertising
Google Crashlytics —> Data analytics
Atlassian —> Team communication
GitHub —> Code Management
Figma —> Design Tool
Intelliy —> IDE
Postman —> Debugging Tool
Adobe —> Design Tool
OpenAI —> AI Tools
Google Fonts —> Provision of Webfonts
1Password —> Security Tool
Google Ads —> Advertising
Google Analytics —> Data analytics

Privacy Policy

§ 1 Who We Are and What We Do
LKK Together Development GmbH (hereinafter referred to as "Together"), located at Kärntnerstraße 521, 8054 Seierberg, is an active limited liability company operating a platform accessible at together-social.com. The Together app is a social network operated by LKK Together Development GmbH. Together combines a shared photo album with a social media platform. Users can create various albums with friends or family for different projects and experiences, capturing these memories in photos and videos to share according to their preferences. Together collects personal data to provide users with an enhanced service and to better address violations of community guidelines and terms of use. In providing our services, personal data is processed, and we inform you of this with this privacy policy. We comply with all data protection obligations and protect your data through digital security systems and technical measures.

§ 2 Who is Our Data Protection Officer
The responsible party according to Art. 4 para. 7 GDPR for compliance with the provisions of the GDPR and all other data protection regulations is: LKK Together Development GmbH Kärntnerstraße 521 8054 Seiersberg support@together-social.com You can assert your data protection concerns and especially your data protection rights with the data protection officer.

§ 3 General Information About the Processing of Personal Data, Storage, and Deletion of Processed Data

When using our services, we may collect and process the following categories of personal data:

Account & Profile Data:
a. First and last name
b. Username
c. Email address
d. Encrypted password
e. Selected interests

User-Generated Content & Interactions:
f. Photos and videos uploaded by the user, including captions
g. Emojis and comments posted by the user
h. Reactions to posts and other interactions
i. Accounts and pages the user subscribes to
j. Pages the user participates in
k. Posts viewed by the user
l. Reports or flags submitted by the user

Device & Technical Data:
m. Device type, operating system, app version
n. IP address and unique device identifiers
o. Browser information, time zone, and language settings
p. Crash data and diagnostic logs
q. In-app behavior and feature usage statistics

Location & Proximity Data:
r. Precise location data (if permission granted)
s. Movement and activity data (e.g., walking, traveling, stationary)
t. Nearby Wi-Fi networks and Bluetooth signals (for proximity detection)
u. Timestamps and contextual data at the time of media capture

Visual Content Analysis (AI-based):
v. Detected objects, patterns, or persons within uploaded media
w. Inferred context (e.g. shared events, similar backgrounds)
x. Grouping logic used to suggest participants of events

Communication & Support:
y. Support requests and direct communications
z. Optional feedback, surveys, or bug reports

Access to Contacts:

If you choose to grant access to your contacts, we may process:

  • Names and phone numbers in your address book

  • Email addresses (if available)

  • Matching results to suggest existing Together users or enable friend invitations

This data is matched in a privacy-preserving manner. It is not stored permanently, used for advertising, or shared with third parties. Contact access can be revoked at any time in your device settings.

Legal Basis and Purpose:

We process your personal data in accordance with:

  • Art. 6(1)(a) GDPR – consent (e.g., for gallery or contact access, AI analysis)

  • Art. 6(1)(b) GDPR – to fulfill our contract with you

  • Art. 6(1)(f) GDPR – our legitimate interest in providing and improving our service

  • Art. 9(2)(a) GDPR – when special categories of data are involved (e.g. facial features)

We use this data to operate and improve the app, detect shared experiences, personalize content, ensure performance and security, and comply with legal requirements

1. When using our website or the services offered through it, personal data may be processed. Personal data includes all information that relates to you personally (e.g., name, birth date, contact addresses, and much more). Personal data processing only occurs in compliance with legal provisions (e.g., GDPR). This privacy information aims to provide all necessary information under Art. 13ff GDPR.

2. Contact data, profile data, account information, customer reviews, user data, verification data (identity check through IDs), payment information, company data, location information, and tax data may be processed. The purpose is to enable you to use our internet services.

3.When using Together, we generally collect and store your personal data only to the extent necessary to provide our service and payment service. This applies to customer data. When you create a customer account or profile, we process and store the data you entered in the input mask necessary for providing our services.

4. If you contact us via email, contact form, or other electronic means, the data you provide will also be processed and stored for the intended processing purposes, provided this is necessary.

5. In providing our services, it may be necessary to share your personal data with third parties.

6. Our database is managed by Microsoft Azure. Microsoft Azure is thus our data processor under GDPR. Microsoft Azure has committed to complying with all data protection regulations and can only access the data you provide and store to fulfill your order.

7. Beyond the legal and factual necessity of data sharing, data is not shared with third parties without your consent or your own action. Also, data is only shared with authorized state institutions and authorities within the scope of legal disclosure obligations or if we are required to provide information by court decision or official order. Data is not transferred to third countries without your consent or explicit request.

8. After terminating your membership with Together, your data remains stored only as long as legal retention obligations exist (e.g., 7 years according to the Austrian Business Code) or it is necessary for legal proof, although we observe the principle of data minimization. If you have created a customer profile, the data remains stored for your own use and interest until you cancel the profile or request deletion. Exceptions are data that cannot or may not be deleted due to legal retention reasons.

9. The purpose of our data processing is to provide our services. By registering on our platform, you consent to the processing of the data you entered. We also have a legal interest in processing if you wish to use our platform.
If you want to register on our platform, we use the so-called double opt-in procedure to complete the registration process. This means we send you an sms to the provided phone number after your registration, asking for confirmation to complete the registration and subsequent use. If you do not confirm your registration within a reasonable time, your information will be locked and automatically deleted after 30 days.

1During the registration process, the user's name and phone number are collected. The user's selected interests are determined in the onboarding process of the Together app. Photos and videos uploaded by the user are stored by Together in the selected page after creation. Which user gave which emoji on which post is stored by Together when assigning to show the creator of the respective post. If a user clicks the subscribe button of an account or a page, Together remembers this to inform the user in the future when new posts are available. If a user views a post, Together remembers this to avoid displaying the post twice in the feed. If a user accepts a page invitation, Together stores this.

§ 4 Automated Collection of Personal Data When Accessing and Using Our Website

  1. When accessing and visiting our website, personal data processed by your browser is transmitted to our server.

  2. This includes the following data: IP address, user agent, date/time/number of requests, browser, operating system, language, and version of the browser software, request information, or information on transferred data volume.

  3. Data collection is for technical reasons so you can view our website without restrictions. It also serves to perform error analysis and ensure the website's stability and security.

  4. The information is temporarily stored in a so-called log file and deleted after 30 days. The following data is stored in the named log file:
    • the complete internet address (URL) of the accessed website
    • browser and browser version (e.g., Chrome 87)
    • the operating system used (e.g., Windows 10)
    • the address (URL) of the previously visited page (referrer URL - e.g., https:// www.example.com/fromhereicame/)
    • the hostname and IP address of the device from which access is made (e.g., 

  5. COMPUTERNAME and 194.23.43.121)
    • date and time

    § 5 Processing of Personal Data
    When Using Our Platform as a Customer Registration process/steps for creating a profile as a customer:
    a) The user enters their data. Here, the required fields are to be entered or the
    Together terms confirmed:
    • First name
    • Last name
    • Phone number
    • Confirmation for marketing emails, community guidelines, terms of use, and privacy policy b) Data is sent to a Microsoft Azure server by our data processor and then a user is created in the Together database.
    • Company: Microsoft Corporation
    • Email: customers@microsoft.com
    • Address: https://www.microsoft.com
    • Location: Redmond, WA 98052-6399, USA
    All data listed here is mandatory for creating a profile. All other data (see profile data, media) is optional; however, a profile as a location or service provider becomes visible to end customers or the public only after it is completed based on the mandatory fields defined by Together. This data is stored until the user requests deletion or the data is no longer needed.

    1. To create a customer account, the personal data listed under § 5a is processed. You can then specify a password, with registration completed through email confirmation and link activation. To enable you to use the platform and profile, these and all other data you provide are stored and processed. After registration, you can set up your customer profile.

    2. If you unsubscribe from our platform as a user, the collected data will be deleted, provided we are not legally required to retain it.

    3. When you use our platform as a registered customer, your user data appears to other registered users. This includes profile data (customer type, etc.); your profile picture, if you upload one; and other self-published data. Third parties cannot view your contact data disclosed to us unless you publish it yourself or share it with those third parties.

    4. When you use our platform's search options as a customer, you determine what data you want to search for.

    5. For your own better overview, we store your activities on our platform in your account, providing a historical overview of your activities on our platform. This involves processing user data.

      § 6 Datenverarbeitung bei Kontaktaufnahme mittels Support-Formular oder Mail
      Sofern eine Kontaktaufnahme mit uns im elektronischen Wege, z.B. via Mail oder mittels Support-Formular stattfindet und dies eine entsprechende Anfrage an uns mit einem Bearbeitungsersuchen enthält, z.B. weil Sie Fragen zu bestehenden Buchungen haben, oder sich bei uns für eine Anstellung bewerben, kann es je nach Anfrage sein, dass weitere personenbezogene Daten, die in Ihrer Anfrage enthalten sind, von uns verarbeitet und sofern notwendig gespeichert werden. Wir werden die Daten so lange speichern, wie es zur Bearbeitung notwendig ist, bzw. wir aus rechtlichen und gesetzlichen Gründen dazu verpflichtet sind bzw. wir dies aus rechtlichen Gründen für notwendig erachten.

      § 7 Cookies
      Unsere Website verwendet sog. „Cookies“. Es handelt sich dabei um kleine Textdateien, die mit Hilfe des Browsers auf Ihrem Endgerät gespeichert werden. Cookies richten keinen Schaden an und können auf Ihre Programme nicht zugreifen. Die Verwendung von Cookies hat den Zweck, uns bestimmte Informationen zufließen zu lassen und ermöglicht es uns, das Internetangebot nutzerfreundlicher und effektiver zu gestalten. Auf unserer Website werden unter anderem sog. „Session-Cookies“ verwendet, die temporär auf ihrem Rechner abgelegt werden und beim Schließen ihres Browsers wieder automatisch gelöscht werden. Darüber hinaus setzen wir auf unserer Website auch sog. residente Cookies ein, die auf ihrem Endgerät gespeichert werden und es und ermöglichen, Ihren Browser bei einem erneuten Besuch unserer Website wiederzuerkennen. Die Verwendung bestimmter Cookies ist für das Funktionieren unserer Website erforderlich und technisch notwendig, um das Angebot unsere Website ohne Einschränkungen zu nutzen und die Stabilität unseres Angebots zu gewährleisten (sog. „technische Cookies“). Die Verwendung technisch notwendiger Cookies dient dem Zweck, die Funktionalität unserer Website zu erhalten, sodass die Datenverarbeitung durch Einsatz dieser Cookies jedenfalls zur Wahrung berechtigter Interessen erforderlich ist (Art 6 Abs 1 lit f DSGVO). Einer expliziten Zustimmung zur Verwendung technisch notwendiger Cookies bedarf es im Sinne der oben genannten Bestimmung daher nicht. Neben diesen technisch notwendigen Cookies werden auf unserer Website auch für die unter § 7 genannten Tracking- und Analyse-Tools Cookies eingesetzt. Diese sog. „nicht erforderlichen Cookies“ ermöglichen es uns, Ihre Interessen auszuwerten und besser nachzuvollziehen. Die Verwendung derartiger Cookies und Dienste ermöglicht es uns demnach, unserer Online-Angebot bedarfsorientierter und effektiver zu gestalten sowie unsere Nutzer gezielter mit Angeboten anzusprechen. Sie können Ihre Browsereinstellung so wählen, dass Sie über die Einrichtung von Cookies informiert werden und jeweils entscheiden, ob Sie diese in besonderen Fällen oder generell akzeptieren oder ablehnen möchten. Die Ablehnung von Cookies kann die Funktionalität unserer Website einschränken. Sollten Sie mit der Nutzung von Cookies nicht einverstanden sein, können Sie diese Funktion in Ihren Browser-Einstellungen ablehnen bzw. deaktivieren.

      § 8 Tracking und Analyse
      Diese Website verwendet die im Folgenden genannten Webanalysedienste und Tracking- Tools. Die Verwendung dieser Dienste ermöglicht es uns, das Angebot, die Gestaltung und die Nutzung der Webseite zu optimieren. Dabei dient der Einsatz dieser Analyse- und Tracking-Dienste auch der statistischen Erfassung sowie Auswertung der Nutzung der Website. Dies geschieht durch die Verwendung von Cookies (§ 9), kleine Textdateien, die auf ihrem Endgerät gespeichert werden und die eine Analyse der Benutzung der Website durch Sie ermöglichen. Mit dieser Verarbeitungstätigkeit wird demnach ein berechtigtes Interesse im Sinne des Artikel 6 Abs 1 lit f DSGVO verfolgt. Die Verwendung der Webanalysedienste und Tracking-Tools führen abhängig vom konkreten Dienst dazu, dass Informationen über die Benutzung dieser Website durch Sie auf einen Server des Anbieters übertragen und dort gespeichert werden. Sollten Sie mit dieser Nutzung nicht einverstanden sein, können Sie diese Funktion in Ihren Browsereinstellungen deaktivieren.

      § 9 Google Analytics
      Unsere Website verwendet optional den Webanalysedienst „Google Analytics“ der Google LLC (im Folgenden „Google"). Google Analytics setzt Cookies zur Analyse der Webseitenaktivität der Nutzer. Die durch Cookies erzeugten Informationen (z.B. IP-Adresse, Browser-Informationen, verwendetes Betriebssystem, Referrer-URL, Uhrzeit der Serveranfrage) werden im Regelfall an einen Server von Google in den USA übertragen und dort gespeichert. Diese Informationen werden von Google genutzt, um die Nutzung der Website auszuwerten, um Berichte über die Aktivität auf der Website für die Betreiber zusammenzustellen und um weitere Dienstleistungen in Zusammenhang mit der Website- und Internetnutzung zu Zwecken der Marktforschung und Website-Gestaltung zu erbringen. Gegenebenfalls werden die Informationen von Google an Dritte übergeben, sofern dies gesetzlich vorgeschrieben oder soweit Dritte diese Daten im Auftrag von Google verarbeiten. Die im Rahmen von Google Analytics erhobenen IP- Adressen werden in keinem Fall von Google mit anderen Informationen in Verbindung gebracht. Das Erfassen der IP-Adresse kann durch Aktivierung der IP-Anonymisierung auf dieser Website, innerhalb von Mitgliedstaaten der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum zuvor gekürzt werden. Die Übertragung der „vollen“ IP-Adresse findet nur in Ausnahmefällen statt. Durch entsprechende Einstellungen Ihres Browsers können Sie das Speichern von Cookies verhindern. In diesem Falle können gegebenenfalls nicht sämtliche Funktionen der Webseite zur Verfügung stehen. Darüber hinaus besteht die Möglichkeit, die Erfassung der durch Cookies erzeugten und auf Ihre Nutzung der Website bezogenen Informationen (inkl. Ihrer IP- Adresse) an Google sowie die Verarbeitung dieser Daten durch Google zu verhindern, indem Sie entsprechende Browser-Software (Browser-Plug-Ins) installieren.

      § 10 Meta Pixel und Custom Audiences
      Unsere Plattform verwendet zur optionalen Analyse und Optimierung des Angebots den Dienst „Meta-Pixel“ der Meta Platforms Inc. (im Folgenden „Meta). Meta betreibt unter anderem die Social-Media-Plattform „Facebook“. Durch die Verwendung des Dienstes Meta-Pixels und von Custom Audiences möchten wir sicherstellen, dass unsere Werbeaktivitäten auf Facebook nur potentiellen Interessenten unseres Angebots gezeigt werden und daher nicht belästigend wirken. Mit Hilfe des Dienstes können wir ferner die Wirksamkeit der Facebook-Werbeanzeigen für statistische und Marktforschungszwecke nachvollziehen, indem über Meta Pixel protokolliert wird, ob Nutzer nach dem Klick auf eine Facebook-Werbeanzeige auf unsere Website weitergeleitet wurden.

      § 11 YouTube
      Teilweise sind auf Seiten unseres Webauftritts Videos und Inhalte der Plattform „YouTube“ eingebunden, die auf der Website http://www.YouTube.com gespeichert und von unserer Website aus abspielbar bzw. einsehbar sind. Bei YouTube handelt es sich um eine Video-Plattform der YouTube LLC, einer Tochtergesellschaft der Google LLC. Die Einbindung der Videos erfolgt mit Hilfe der sog. Zwei-Klick-Lösung bzw. im erweiterten Datenschutzmodus. Das heißt, dass beim Besuch unserer Website zunächst grundsätzlich keine personenbezogenen Daten an YouTube weitergegeben werden. Erst, wenn Sie das Video per Klick aktivieren, erhält YouTube die Information, dass Sie die entsprechende Unterseite unserer Website aufgerufen haben. Zudem werden Informationen wie IP-Adresse, Datum und Uhrzeit der Anfrage; die Zeitzonendifferenz zur Greenwich Mean Time; der Inhalt der Anforderung (konkrete Website); der Zugriffsstatus/HTTP-Statuscode; die jeweils übertragene Datenmenge; die Website von der die Anforderung kommt, der Browser; das Betriebssystem, dessen Oberfläche und die Sprache sowie die Version der Browsersoftware übermittelt. Die Übermittlung der Informationen erfolgt unabhängig davon, ob der Nutzer unserer Website über ein Konto auf der Plattform YouTube verfügt und bei diesem eingeloggt ist. Wenn Sie bei Google eingeloggt sind, werden Ihre Daten direkt Ihrem Konto zugeordnet. Wenn Sie die Zuordnung der erhobenen Informationen mit Ihrem Konto bei YouTube nicht wünschen, müssen Sie sich vor Aktivierung des Buttons ausloggen. Im Fall eines bestehenden Kontos kann YouTube die erhobenen Informationen insbesondere verwenden, um die Werbetätigkeit auf der eigenen Plattform zu kontextualisieren und personalisieren. Die von YouTube gespeicherten Daten werden unabhängig davon, ob ein Konto besteht, zur Erstellung von Nutzungsprofile sowie zu Werbezwecken, Marktforschung und/oder der bedarfsgerechten Gestaltung der Plattform verwendet. Die Auswertung der gesammelten Informationen erfolgt insbesondere (selbst für nicht eingeloggte Nutzer) zur Erbringung bedarfsgerechter Werbung und um andere Nutzer über Ihre Aktivitäten auf unserer Website zu informieren. Gegen die Bildung derartiger Nutzerprofile steht Ihnen ein Widerspruchsrecht zu, wobei Sie sich zur Ausübung dieses Rechts an YouTube richten müssen. Weitere Informationen zu Zweck und Umfang der Datenerhebung und ihrer Verarbeitung durch YouTube können Sie der Datenschutzerklärung von Google (https://policies.google.com/privacy?hl=de) entnehmen. Dort erhalten Sie auch weitere Informationen zu Ihren Rechten und Einstellungsmöglichkeiten zum Schutze Ihrer Privatsphäre.
      § 12 Newsletter
      Mit Ihrer Einwilligung können Sie unseren Newsletter abonnieren. Damit können wir Sie über unsere Dienstleistungen und Angebote informieren und am Laufenden halten. Für die Anmeldung zu unserem Newsletter verwenden wir das sog. Double-opt-in-Verfahren. Das heißt, dass wir Ihnen nach Ihrer Anmeldung eine E-Mail an die angegebene E-Mail-Adresse senden, in welcher wir Sie um Bestätigung bitten, dass Sie den Versand des Newsletters wünschen. Wenn Sie Ihre Anmeldung nicht innerhalb angemessener Frist bestätigen, werden Ihre Informationen gesperrt und nach einem Monat automatisch von uns gelöscht. Darüber hinaus speichern wir jeweils Ihre eingesetzten IP-Adressen und Zeitpunkte der Anmeldung und Bestätigung. Zweck des Verfahrens ist, Ihre Anmeldung nachzuweisen und gegebenenfalls einen möglichen Missbrauch Ihrer persönlichen Daten aufklären zu können. Nach Ihrer Bestätigung speichern wir Ihre E-Mail-Adresse zum Zweck der Zusendung des Newsletters. Ihre Einwilligung in die Übersendung des Newsletters können Sie jederzeit widerrufen und den Newsletter abbestellen. Den Widerruf können Sie durch Klick auf den in jeder Newsletter-E-Mail bereitgestellten Link, per E-Mail an support@together-social.com oder durch eine Nachricht an die im Impressum auf unserer Homepage angegebenen Kontaktdaten erklären. Als Betroffener im Sinne der DSGVO haben Sie gemäß Art 16 ff das Recht auf Berichtigung, Löschung, Einschränkung und Widerspruch im Zusammenhang mit der Verwendung Ihrer personenbezogener Daten. Zur Inanspruchnahme, wenden Sie sich bitte an unseren Datenschutzverantwortlichen (§ 2). Sollten Sie der Meinung sein, dass die Verarbeitung Ihrer Daten gegen das Datenschutzrecht verstößt oder Ihre datenschutzrechtlichen Ansprüche verletzt worden sind, haben Sie die Möglichkeit sich an die Aufsichtsbehörde zu wenden und sich dort zu beschweren.
      § 13 Verwendung von Cloud-Lösungen
      Aufgrund der gesetzlichen Bestimmungen informieren wir Sie darüber, dass wir folgende Cloud-Lösungen in Verwendung haben: Microsoft Azure ist eine Cloud-Plattform, diese erhält Ihren vollständigen Namen, Ihre Emailadresse und Ihr Passwort in verschlüsselter Form. Die Datenschutzerklärung von Microsoft Azure finden Sie auf: https://privacy.microsoft.com/de-de/privacystatement Cloudflare ist eine Cloud-Plattform, diese erhält Ihre hochgeladenen Medien. Die Datenschutzerklärung von Cloudflare finden Sie auf: https://www.cloudflare.com/de-de/privacypolicy/
      § 14 Ihre Datenschutzrechte
      1. Als von der Datenerhebung und Datenverarbeitung betroffene Person im Sinne der DSGVO haben Sie nachstehende Rechte, welche wir in weiterer Folge in Anlehnung an die DSGVO näher darstellen:
      Recht auf Geheimhaltung
      Recht auf Auskunft (Art. 15 DSGVO);
      Recht auf Berichtigung (Art. 16 DSGVO);
      Recht auf Löschung (Art. 17 DSGVO);
      Recht auf Einschränkung der Verarbeitung (Art. 18 DSGVO);
      Recht auf Datenübertragbarkeit (Art. 20 DSGVO);
      Recht auf Widerspruch gegen die Verarbeitung (Art. 21 DSGVO);
      Recht, nicht einer ausschließlich auf einer automatisierten Verarbeitung — einschließlich Profiling — beruhenden Entscheidung unterworfen zu werden (Art. 22 DSGVO).
      Die vorgenannten Rechte können Sie als betroffene Person jederzeit mittels einer formlosen Mitteilung an uns geltend machen.
      2. Im Falle von Verstößen gegen datenschutzrechtliche Bestimmungen haben Sie zudem das Recht, eine Beschwerde bei der zuständigen Aufsichtsbehörde einzureichen. Zuständige Aufsichtsbehörde in datenschutzrechtlichen Fragen ist der Landesdatenschutzbeauftragte des Bundeslandes, in dem sich der Sitz unseres Unternehmens befindet. Eine Liste der Datenschutzbeauftragten sowie deren Kontaktdaten können folgendem Link entnommen werden: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
      3. Auskunftsrecht: Sie haben jederzeit das Recht auf Auskunft über Ihre von uns verarbeiteten personenbezogenen Daten nach Maßgabe des Art 15 DSGVO. Dieses Auskunftsrecht umfasst Informationen über die Verarbeitungszwecke, die Kategorien der personenbezogenen Daten, die Kategorien von Empfängern, gegenüber denen Ihre Daten offengelegt wurden oder werden, die geplante Speicherdauer, das Bestehen eines Rechts auf Berichtigung, Löschung, Einschränkung der Verarbeitung oder Widerspruch, das Bestehen eines Beschwerderechts, die Herkunft ihrer Daten, sofern diese nicht bei uns erhoben wurden, sowie über das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling und ggf. aussagekräftigen Informationen zu deren Einzelheiten.
      4. Recht auf Berichtigung: Sie haben gemäß Art 16 DSGVO das Recht, unverzüglich die Berichtigung Sie betreffender unrichtiger Daten oder Vervollständigung Ihrer bei uns gespeicherten personenbezogenen Daten zu verlangen.
      5. Recht auf Löschung: Sie haben gemäß Art 17 DSGVO das Recht, die Löschung Ihrer bei uns gespeicherten personenbezogenen Daten zu verlangen, soweit nicht die Verarbeitung zur Ausübung des Rechts auf freie Meinungsäußerung und Information, zur Erfüllung einer rechtlichen Verpflichtung, aus Gründen des öffentlichen Interesses oder zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen erforderlich ist.
      6. Recht auf Einschränkung der Verarbeitung: Sie haben gemäß Art 18 DSGVO das Recht, die Einschränkung der Verarbeitung Ihrer personenbezogenen Daten zu verlangen, soweit die Richtigkeit der Daten von Ihnen bestritten wird, die Verarbeitung unrechtmäßig ist, Sie aber deren Löschung ablehnen und wir die Daten nicht mehr benötigen, Sie jedoch diese zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen benötigen oder Sie gemäß Art 21 DSGVO Widerspruch gegen die Verarbeitung eingelegt haben.
      7. Recht auf Datenübertragbarkeit: Sie haben gemäß Art 20 DSGVO das Recht, Ihre personenbezogenen Daten, die Sie uns bereitgestellt haben, in einem strukturierten, gängigen und maschinenlesebaren Format zu erhalten oder die Übermittlung an einen anderen Verantwortlichen zu verlangen.
      8. Recht auf Widerruf: Sie haben gemäß Art 7 Abs 3 DSGVO das Recht, Ihre einmal erteilte Einwilligung jederzeit gegenüber uns zu widerrufen. Im Falle des Widerrufs werden wir Ihre Daten unverzüglich löschen, soweit keine gesetzliche Verpflichtung zur weiteren Speicherung besteht.
      9. Recht auf Widerspruch: Sie haben gemäß Art 21 DSGVO das Recht, aus Gründen, die sich aus Ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung Sie betreffender personenbezogener Daten, die aufgrund von Art 6 Abs 1 lit e oder f DSGVO erfolgt, Widerspruch einzulegen. Wir verarbeiten die personenbezogenen Daten dann nicht mehr, es sei denn, es liegen nachweisbar zwingende schutzwürdige Gründe für die Verarbeitung vor, die Ihre Interessen, Rechte und Freiheiten überwiegen, oder die Verarbeitung dient der Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen.
      10. Recht auf Beschwerde bei einer Aufsichtsbehörde: Sie haben gemäß Art 77 DSGVO das Recht, sich bei einer Aufsichtsbehörde zu beschweren, wenn Sie der Ansicht sind, dass die Verarbeitung Ihrer personenbezogenen Daten gegen die DSGVO verstößt. Das Beschwerderecht kann insbesondere bei einer Aufsichtsbehörde in dem Mitgliedstaat Ihres Aufenthaltsorts, Ihres Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes geltend gemacht werden. In Österreich ist die Datenschutzbehörde, Wickenburggasse 8, 1080 Wien, https://www.dsb.gv.at/, die zuständige Aufsichtsbehörde.
      11. Wenn Sie Ihre Datenschutzrechte geltend machen möchten, richten Sie Ihre Anfrage bitte per E-Mail an support@together-social.com oder schriftlich an den im Impressum genannten Verantwortlichen.
      § 15 Änderungen dieser Datenschutzerklärung
      Wir behalten uns vor, diese Datenschutzerklärung jederzeit anzupassen, um sie stets den aktuellen rechtlichen Anforderungen anzupassen oder um Änderungen unserer Leistungen in der Datenschutzerklärung umzusetzen, z. B. bei der Einführung neuer Services. Für Ihren erneuten Besuch gilt dann die neue Datenschutzerklärung.
      § 16 Fragen an den Datenschutzbeauftragten
      Wenn Sie Fragen zum Datenschutz haben, schreiben Sie uns bitte eine E-Mail oder wenden Sie sich direkt an die für den Datenschutz verantwortliche Person in unserer Organisation: [Datenschutzbeauftragter/Vorname Name] unter [E-Mail-Adresse].
      Quelle: Muster-Datenschutzerklärung von anwalt.de