Privacy Policy

Last updated - 15 March 2024

1. General information

Meshcapade GmbH, Karlstrasse 3, 72072 Tübingen (hereinafter ”Meshcapade” or ”we”) is the leading platform for the creation, animation, sharing, and use of realistic 3D digital humans, the Meshcapade avatars (hereinafter ”Avatar”). Meshcapade offers access to technology that allows the conversion of diverse data sources such as photos, videos and the like into Avatars (hereinafter ”Service” or ”Services”).

In connection with the use of the Service, your personal data will be processed by us. In addition, personal data may be processed of individuals who visit the websites of Meshcapade https://meshcapade.com or https://meshcapade.me (hereinafter each a ”Website” and together ”Websites”) and/or contact us. The type as well as the categories of personal data we process from you depend on whether and how you interact with us or the Services we offer.

2. Data controller

Meshcapade acts as a controller within the meaning of the General Data Protection Regulation (hereinafter ”GDPR”) in relation to your personal data processed in connection with the use of the Service or the Websites or a contact made to or by Meshcapade.

If you have any questions about this privacy statement or the processing of your personal data, you can contact us at the following contact details:

3a. Visiting our Websites

When visiting our Websites only for informational purposes, i.e., mere viewing without registration and without you providing us with any other information, certain personal data may be automatically collected each time the Websites are called up and stored in so-called server log files. These are:

  • Browser type and version. The specific type and model of Internet browser you are using, such as Google Chrome, Mozilla Firefox, or Internet Explorer, along with the specific version of the browser.
  • Operating system used. Your operating system for your digital activity, such as Windows, macOS, Linux, iOS, or Android.
  • Website from which the access is made (Referrer URL). The website that was visited before accessing our Website.
  • Host name of the accessing computer. The unique name that your device has on the Internet or on a local network.
  • The date and time of access. The exact time of access to the Website.
  • IP address of the requesting computer. The unique numeric identifier assigned to a device when it connects to the Internet.
  • After explicit consent, the exact location only to support region-specific services.

Temporary storage of the IP address is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session. The storing of the above-mentioned personal data in log files is necessary for technical reasons in order to provide functioning, attractive and user-friendly Websites and to ensure system security. Such data is not merged with other data sources, and the data is not evaluated for marketing purposes.

The legal basis for the temporary storage and processing of such personal data is Article 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest here is to be able to provide you with technically functional and user-friendly Websites and to ensure the security of our systems.

Such personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If personal data is processed for the provision of the website, this is the case when the respective session has ended. If personal data is stored in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, your IP address is deleted or anonymized so that it is no longer possible to identify you.

3b. Creating an account

We collect and process information about you when you register for a Meshcapade account (hereinafter ”Account”) and create or modify your profile. Specifically, the data collected may include the following:

  • First and last name
  • E-mail address
  • Account name
  • Password

We process the aforementioned information on the basis of Article 6 para. 1 sent. 1 lit. b GDPR, which permits the processing of personal data for the performance of a contract or for the implementation of pre-contractual measures.

You also have the option of adding further personal information. You are not required to provide this personal information in order to create an Account. However, if you choose not to, in some cases we might not be able to provide you with our Services. This includes:

  • Gender
  • Demographic information
  • Physical characteristics, e.g., height and weight
  • Telephone number
  • Billing or payment information
  • Display name
  • Profile photo
  • The subscription option you chose.

We process the aforementioned information on the basis of Article 6 para. 1 sent. 1 lit. b GDPR, which permits the processing of personal data for the performance of a contract or for the implementation of pre-contractual measures or on the basis of Article 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest here is to be able to provide you with user-friendly Account.

Creating an Account does not oblige you to use our Services or purchase a subscription. If you do not subscribe to our Services after creating an Account, the Account will remain in existence and usable for you; this way, the Account is available to you in case you choose to use it or subscribe in a later point in time. This is in your interest as well as ours in the sense of Article 6 para. 1 sent. 1 lit. f GDPR. However, you can delete your Account at any time by sending an e-mail with your request to support@meshcapade.com.

We will delete your Account when it has been inactive for 3 years.

When creating an Account, you can speed up the registration process in a user-friendly way by logging into our Websites with the help of a social media account you are already registered for (hereinafter ”Social Sign-In”). This means a type of Account authentication that allows you to log in to our platform and gain access to our Services without having to separately register with us. Instead, Social Sign-In uses information from social media networks that you have already entered there to facilitate logins. For this purpose, your data stored with other third-party providers (e.g., Google and Apple) is transmitted to us. Depending on the provider, this ma, e.g., include your name, e-mail address and date of birth. Prior to the transfer, you will be explicitly informed by the respective third party about the transferred personal data and asked for your consent.

The legal basis, insofar as it concerns personal data that is required for the fulfillment of your usage contract with us, is Article 6 para. 1 sent. 1 lit. b GDPR. For the transmission of further personal data to us and the processing of such data, the legal basis is your consent pursuant to Article 6 para. 1 sent. 1 lit. a GDPR. The purpose and scope of the data collection by the third-party provider, as well as the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, can be found in the privacy notices of respective third-party provider.

3c. Subscribing to and using our Services

3c - i. Meshcapade Me: Creation of Avatars

We collect and process your personal information in order to create your individualized Avatar.

There are several ways to create your Avatar through the use of uploading a photo, video, 3D scan or using the measurements or text input options. Regardless of the aforementioned option you choose, you may create an Avatar either on our Website or via a browser app that you can download from our Website. We offer the same Services and functionalities to you regardless of a use via a web browser or the app.

Your Avatar is generated either on the basis of photos and/or video recordings you provide to us or by entering body measurements or text information in an online form. In both cases and depending on the specific Service you request, we may collect and process personal information about your, e.g., appearance, body measurements, body form, height, body movement patterns or voice. This may either refer to your entire body or certain body parts. We will scan and analyze the information provided to us and convert it into statistical parameters that are a mathematical representation of your bodily appearance as your individualized Avatar.

Depending on the material you upload to Meshcapade, this information can technically be traced back to you personally and may constitute data that may reveal your racial or ethnic origin, your religious beliefs, your sexual orientation or your health or is biometric. Such data is considered as particularly sensitive and as special categories of personal data under data protection law in accordance with Article 9 para. 1 GDPR (hereinafter ”Sensitive Data”).

Insofar as our Services concern Sensitive Data, processing only takes place if and insofar as you have expressly consented to it within the merits of Article 6 para. 1 sent. 1 lit. a, 9 para. 2 lit. a GDPR. Your consent for the processing of Sensitive Data is obtained during the subscription process by way of independent declaration of consent referring to this Privacy Policy.

You can revoke your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal. To revoke your consent, please address us under the contact details provided in Section 2 or use the following e-mail address: support@meshcapade.com.

We will delete your Account and thus also your Avatar when your Account has been inactive for 3 years.

3c - ii. Payment Process

Depending on the particular Service you choose, we may offer our Service by way of a fee-based subscription or free-of-charge. If you choose a fee-based subscription, we will collect payment data from you*, e.g.*, credit card information or wire transfer details. In addition, we process further data relevant for the provision and billing of our Service, such as subscription number, time of subscription, billing period, payment processing. The processing and storage of the aforementioned data is necessary for the conclusion of the contract as well as its fulfilment and is therefore legitimized on the basis of Article 6 para. 1 sent. 1 lit. b GDPR.

Your payment data may also be collected by us if you initially start the fee-based subscription with a free trial phase. Despite the validity of the free trial period, the processing of your payment data is already necessary at the time of the conclusion of the contract within the meaning of Article 6 para. 1 sent. 1 lit. b GDPR, as a subscription is generally a paid subscription, and we only offer in some cases to test our products free of charge in a trial period. If no cancellation takes place within the trial phase, the subscription — as already agreed at the time of the conclusion of the contract — automatically becomes payable and the means of payment specified by you will be debited at the respective time specified in the subscription process.

We use the payment tool from the American online payment service provider Stripe Inc. for our website. For customers within the EU, Stripe Payments Europe, Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“hereinafter ”Stripe”)) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe and Stripe will process your wire transfer details. This may include payment method (i.e., credit card, debit card or account number), bank code, currency, the amount and date of payment. During a transaction, your name, e-mail address, billing or shipping address and sometimes your transaction history may also be transmitted. This data is required for authentication. Furthermore, Stripe may also collect your name, address, telephone number and country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and to be able to offer its own services in full. The use of Stripe is necessary for the fulfilment of our contract and is therefore legitimized on the basis of Article 6 para. 1 sent. 1 lit. b GDPR. Insofar as the use of Stripe requires the use of Cookies, the data processing will be based on your consent Article 6 para. 1 sent. 1 lit. a GDPR.

3d. Contact

When you contact us, we collect and process certain information in connection with your request, such as your name, e-mail address and other data requested by us or data you voluntarily provide to us (hereinafter ”Contact Data”).

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of Services or our other Services, the Contact Data will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 para. 1 sent. 1 lit. b GDPR. Otherwise Contact Data is processed to pursue our legitimate interests in responding appropriately to customer/contact inquiries (Art. 6 para. 1 sent. 1 lit. f GDPR).

We will delete Contact Data as soon as the purpose for data storage/processing no longer applies (e.g., after your request has been processed). Mandatory statutory provisions — in particular retention periods — remain unaffected.

3e. Newsletter

With your consent, we may process your personal data to send you a newsletter via e-mail that contains information about our products and services. To send you this newsletter, we require your e-mail address.

Our newsletters contain so-called tracking links that enable us to analyze the behavior of newsletter recipients. We can analyze how many recipients have opened the newsletter (pixel tracking) and how often which link in the newsletter was clicked on (URL tracking) (hereinafter ”Tracking Data”). This enables us to statistically analyze the success or failure of online marketing campaigns.

In regard to our newsletter, each data processing activity only takes place if and insofar as you have expressly consented to it within the merits of Article 6 para. 1 sent. 1 lit. a GDPR. Your consent for this processing of data is obtained during the newsletter subscription process by way of independent consent declaration via double-opt-in mechanism referring to this Privacy Policy.

You can revoke your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal. To revoke your consent please address us under the contact details provided in Section 2 or use the following e-mail address: info@meshcapade.com.

The personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your e-mail address and tracking data will therefore be stored for as long as the subscription to the newsletter is active.

3f. Development and improvement of our Services

If you use our Services we, subject to your consent, use the uploaded material and information (e.g., photos and videos or entered body measurements) for a limited period of time as so-called training data (hereinafter ”Training Data”) in order to develop, test and improve our Services, in particular the underlying artificial intelligence systems with the help of which we create Avatars (hereinafter ”AI Systems”).

We will perform this improvement of our Services by fitting the AI Systems’ learnable parameters and adjusting so-called synapse weights that constitute numerical values within the AI System’s algorithm. When we enter Training Data, which may initially qualify as personal data, into an AI System, this information impacts a complex decision tree in a highly abstract form due to the nature of the AI System and influences the numerical value of the synapse weights. Due to the intricate and complex decision tree of the AI System, it is not technically possible to control or manage access to specific information or results entered into the AI System. In particular, the numerical value of the synapse weights does not anymore contain personal data or any other residual information derived from the Training Data.

The use as Training Data only takes place if and insofar as you have expressly consented to it within the merits of Article 6 para. 1 sent. 1 lit. a, 9 para. 2 lit. a GDPR. You can revoke your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal. To revoke your consent please address us under the contact details provided in Section 2 or use the following e-mail address: support@meshcapade.com.

3g. Other processing purposes

3g - i. Compliance with legal obligations:

We also process your personal data to comply with other legal obligations to which we are subject in connection with our business activities, including but not limited to compliance with mandatory retention periods under commercial, trade or tax law or regulations and laws against money laundering. We process your personal data on the basis of Article 6 para. 1 sent. 1 lit. c GDPR as the legal basis for compliance with a legal obligation to which we are subject.

3g - ii. Law enforcement:

We also process your personal data in order to be able to assert our rights and enforce our legal claims as well as to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences. In this context, we process your personal data to protect our legitimate interests pursuant to Article 6 para. 1 sent. 1 lit. f GDPR as a legal basis, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal acts.

4. Other data processing not controlled by meshcapade

4a. Interaction with other third-party services

Our Websites may contain links and plug-ins to access certain third-party services. Any interaction with these links, clicking on these links, or activating these connections may allow these third parties to collect, process or share certain personal data about you. Please note that Meshcapade does not receive, process or store such personal data, nor does Meshcapade control, operate or manage these third-party service providers. Therefore, Meshcapade is not responsible for the data processing or privacy documentation (policies, notices, statements) of the third-party providers; any privacy rights in this regard must be asserted against the third-party providers. If you intend to interact with such third-party providers or leave the Service, we recommend that you read the privacy documentation of the respective third-party service provider you use or visit.

4b. Cookies

We are using authentication cookies for our Websites. In general, are cookies text files that are stored in the internet browser or by the internet browser on your computer system. When you access a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

With regard to the storage period, a distinction is made between temporary cookies, which are deleted at the latest after you have left an online offer and closed your end device (e.g. browser or mobile application) and permanent cookies, which remain stored even after the end device is closed. We are using temporary authentication cookies, to make our Website more user friendly which is in our legitimate interest according to Article 6 para. 1 sent. 1 lit. f GDPR. We are using permanent authentication cookies only if you consent (Article 6 para. 1 sent. 1 lit. a GDPR) to such use by clicking on “remember me” during the registration process. Permanent authentication cookies are deleted after 30 days. You can revoke your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal. To revoke your consent please address us under the contact details provided in Section 2 or use the following e-mail address: support@meshcapade.com or by using your „delete cookies” functionality of the browser you are using to access the Websites.

5. Data receiver

Within Meshcapade, access to your personal data is granted to those persons who need it to fulfill our contractual and legal obligations.

In individual cases, we transfer personal data to our consultants in legal or tax matters, whereby these recipients act independently in their own data protection responsibilities and are also obliged to comply with the requirements of the GDPR and other applicable data protection regulations. In addition, they are bound by special confidentiality and secrecy obligations due to their professional position.

In the event of corporate transactions (e.g., sale of our business or a part of it), we may transfer personal data to involved advisors or to potential buyers.

Additionally, Meshcapade also uses services provided by various specialized companies, e.g., IT service providers, payment service providers that process data on our behalf (hereinafter ”Data Processors”). We have concluded a data processing agreements according to Article 28 GDPR with each service provider and they only process data in accordance with our instructions and not for their own purposes. A list of these Data Processors is given in Annex 1.

6. Data transfer to third countries

We or our Data Processors may transfer data to providers located in the United States of America. Such data transfers are based on the EU Commission’s adequacy decision of 10 July 2023 under Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Data Privacy Framework.

We only transfer personal data to service providers located in third countries where the EU Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data through contractual agreements or other appropriate safeguards.

Further information on the individual service providers can be found in Annex 1.

7. Duration of data storage

We process and store your personal data for the period for which the respective purpose of use requires corresponding storage (see above under Section 3 on the individual processing purposes). This may also include the periods of agreement initiation and agreement execution. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations. However, in some cases we might be under the legal obligation to continue the processing and/or storage of your personal data. This may be, for example, due to legal retention obligations or for evidence purposes. The legal basis here is Article 6 para. 1 sent. 1 lit. c GDPR, which allows processing for the fulfillment of a legal obligation.

8. Rights of the person concerned

The following rights are available to you as a data subject in accordance with the statutory provisions:

a) Right of revocation: You may revoke your consent to the processing of your personal data at any time pursuant to Article 7 para. 3 GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation remains unaffected.

b) Right of access: Under the conditions of Article 15 GDPR you have the right to request confirmation from us at any time as to whether we are processing personal data relating to you. If this is the case, you also have the right within the scope of Article 15 GDPR to receive access to the personal data as well as certain other information about the personal data and a copy of your personal data. The restrictions of § 34 German Federal Data Protection Act (hereinafter ”BDSG”) apply.

c) Right to rectification: Under the conditions of Article 16 GDPR you have the right to request us to correct the personal data stored about you if it is inaccurate or incomplete in accordance with.

d) Right to erasure: You have the right, under the conditions of Article 17 GDPR, to demand that we delete the personal data concerning you without delay.

e) Right to restrict processing: You have the right to request that we restrict the processing of your personal data under the conditions of Article 18 GDPR.

f) Right to data portability: You have the right, under the conditions of Article 20 GDPR, to request that we hand over, in a structured, common and machine-readable format, the personal data concerning you that you have provided to us. Please note that this right only applies to data generated using automated processes, the use of which you have originally consented to, or if we have used the data to perform an agreement with you.

g) Right to object: You have the right to object to the processing of your personal data under the conditions of Article 21 GDPR.

h) Right to complain to a supervisory authority: Subject to the requirements of Article 77 of the GDPR, you have the right to file a complaint with a competent supervisory authority. As a rule, the data subject may contact the supervisory authority of his or her habitual residence or place of work or place of the alleged infringement. or the registered office of Meshcapade. The supervisory authority responsible for Meshcapade is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.

i) Other concerns: If you have any other questions or concerns regarding data privacy, please contact us using the contact options listed in Section 2.

9. Obligation to provide data

When you visit our websites, you are required to provide us with certain personal data as described in Section 3 a) of this Privacy Policy. Beyond that, you are under no obligation to provide us with personal data. However, if you choose not to provide us with your personal data, you may not be able to contact us or use our Services and/or we may not be able to contact you to respond to your inquiries or questions.

10. Automated decision making/profiling

We do not use your personal data for automated decision making or profiling (i.e., automated analysis of your personal circumstances).

11. Personal data of children

The Service is not intended for use by children (under 18). We do not knowingly market, advertise, process, collect or use children’s personal data.

If we learn that a child has provided us with personal information, we will use commercially reasonable efforts to delete that information from our database within a reasonable time. If you are a parent or guardian of a child and believe that we have collected personal information from your child, please contact us.

  1. Changes to this privacy statement

We review this Privacy Policy regularly and may update it at any time. If we make changes to this Privacy Policy, we will change the date of the last update above. Please review this Privacy Policy regularly to be aware of any updates. The current version of the privacy notice can be accessed at any time at https://meshcapade.com/privacy-policy.

Annex 1:

Hosting:

When you use our Services, your personal data is processed on the servers of AWS. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, website traffic and other data generated through a Website. AWS processes all of the categories of personal data that you enter when using our Services. This includes Sensitive Data (see Section 3 c) above).

We have concluded a data processing agreement with AWS in accordance with the requirements of Article 28 GDPR, in which we oblige AWS to protect our customers’ data and not to pass it on to third parties.

Legal basis of the processing:

The use of AWS is based on Articl e 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If sensitive Data is the subject of the processing, the data processing is based on your consent pursuant to Article 6 para. 1 sent. 1 lit. a, 9 para. 2 lit. a GDPR. You can revoke your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal. To revoke your consent please address us under the contact details provided in Section 2 or use the following e-mail address: support@meshcapade.com.

For further information on data protection at AWS, please refer to the AWS data protection declaration: https://aws.amazon.com/de/privacy/?nc1=f_pr.

International data transfers:

In the context of web hosting by AWS, personal data may also be transferred to the parent company of AWS (Amazon Inc., 410 Terry Ave N, Seattle, WE 98109, USA) in the USA. This data transfer is based on the EU Commission’s adequacy decision of 10 July 2023 under Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Data Privacy Framework.

Processing of payments:

We use the payment tool from the American online payment service provider Stripe Inc. for our website. For customers within the EU, Stripe Payments Europe, Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland is responsible. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments.

We have concluded a data processing agreement with Stripe in accordance with the requirements of Article 28 GDPR, in which we oblige Stripe to protect our customers’ data and not to pass it on to third parties.

For further information on data protection at Stripe, please refer to the Stripe data protection declaration: https://stripe.com/de/privacy

Legal basis of the processing

The use of Stripe is necessary for the fulfilment of our contract and is therefore legitimized on the basis of Articl e 6 para. 1 sent. 1 lit. b GDPR. Insofar as the use of Stripe requires the use of Cookies, the data processing will be based on your consent Article  6 para. 1 sent. 1 lit. a GDPR).

International data transfers:

Since Stripe is a global company, data can also be stored in any country where Stripe offers services. This means that data can also be stored outside the EU/EEA, for example in the USA. Data transfers to recipients located in the USA are based on the EU Commission’s adequacy decision of 10 July 2023 under Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Data Privacy Framework. If data is transferred to recipients located in countries outside the EU/EEA Stripe will enter into EU standard contractual clauses according with Article 46 para 2 lit. c GDPR with the respective recipient.

Processing sales e-mail and marketing newsletters:

HubSpot is an integrated software solution which we use for the processing of our sales e-mail and marketing newsletters.

We have concluded a data processing agreement with HubSpot in accordance with the requirements of Article 28 GDPR.

Legal basis of the processing:

The legal basis for processing users’ personal data is the user’s consent in accordance with Article 6 para. 1 sent. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal. To revoke your consent please address us under the contact details provided in Section 2 or use the following e-mail address: info@meshcapade.com.

For further information on data protection at HubSpot, please refer to the HubSpot data protection declaration: https://legal.hubspot.com/privacy-policy.

International data transfers:

In order to ensure appropriate guarantees for safeguarding the transmission and processing of personal data outside of the EU/EEA, the transmission and processing of data by HubSpot occurs on the basis of appropriate guarantees under Articles 46 et seqq. GDPR, in particular by entering into EU standard contractual clauses in accordance with Article 46 para 2 lit. c GDPR.

E-mail and data storage:

We are using the e-mail service provider Google to send, receive and store our e-mails. When you contact us via e-mail, we collect and process the information in connection with your request, such as your name, e-mail address and other data requested by us or data you voluntarily provide to us (hereinafter ”Contact Data”).

We have concluded a data processing agreement with Google in accordance with the requirements of Article 28 GDPR.

Legal basis of the processing:

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of Services or our other Services, the Contact Data will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 para. 1 sent. 1 lit. b GDPR. Otherwise Contact Data is processed to pursue our legitimate interests in responding appropriately to customer/contact inquiries (Art. 6 para. 1 sent. 1 lit. f GDPR).

For further information on data protection at Google, please refer to the Google data protection declaration: https://policies.google.com/privacy?hl=de.

International data transfers:

Google may also transfer personal data to its servers located outside the EU/EEA. Data transfers to recipients located in the USA are based on the EU Commission’s adequacy decision of 10 July 2023 under Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Data Privacy Framework. If data is transferred to recipients located in countries outside the EU/EEA Google will enter into EU standard contractual clauses in accordance with Article 46 para 2 lit. c GDPR with the respective recipient.

Data storage:

We are using Box as a cloud-based content management platform.

This may include, but is not limited to, IP addresses, contact requests, meta and communication data, website traffic and other data generated through a Website. Box processes all of the categories of personal data that you enter when using our Services. This includes Sensitive Data (see Section 3 c) above).

We have concluded a data processing agreement with Box in accordance with the requirements of Article 28 GDPR.

Legal basis of the processing:

The use of AWS is based on Article 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If sensitive Data is the subject of the processing, the data processing is based on your consent pursuant to Aticle 6 para. 1 sent. 1 lit. a, 9 para. 2 lit. a GDPR. You can revoke your consent at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal. To revoke your consent please address us under the contact details provided in Section 2 or use the following e-mail address: support@meshcapade.com.

For further information on data protection at Box, please refer to the Box data protection declaration: https://www.box.com/legal/privacypolicy#module-64076.

International data transfers:

Data transfers to recipients located in the USA are based on the EU Commission’s adequacy decision of 10 July 2023 under Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Data Privacy Framework.

Internal communications

We are using Slack for our internal communications. This might include the processing of your e-mail address and name. For Customers within the EU Slack Technologies Limited Salesforce Tower, 60 R801, North Dock, Dublin, Irland is responsible.

We have concluded a data processing agreement with Slack in accordance with the requirements of Article 28 GDPR.

Legal basis of the processing:

Your e-mail address and name are processed to pursue our legitimate interests to resolve technical customer inquiries (Art. 6 para. 1 sent. 1 lit. f GDPR).

For further information on data protection at Slack, please refer to the Slack data protection declaration: https://slack.com/intl/de-de/trust/privacy/privacy-policy#identifying.

International data transfers:

If data is transferred to recipients located in countries outside the EU/EEA Slack will enter into EU standard contractual clauses in accordance with Article 46 para 2 lit. c GDPR with the respective recipient.