Privacy Policy

Preamble

With the following privacy policy, we want to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data we carry out, both within the provision of our services and in particular on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (collectively referred to as "online offer").

The terms used are not gender-specific.

Status: May 19, 2024

Table of Contents

• Preamble
• Responsible Party
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• Transfer of Personal Data
• Rights of Data Subjects
• Use of Cookies
• Provision of the Online Offer and Web Hosting
• Web Analysis, Monitoring, and Optimization
• Ezoic Advertising
• Changes and Updates to the Privacy Policy

Responsible Party

1000 Ventures OÜ
Sepapaja tn 6
15551 Tallinn, Estonia

Email Address:

michael@1000ventures.io

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

• Images uploaded by users
• Usage data.
• Meta, communication, and procedural data.

Categories of Data Subjects

• Users.

Purposes of Processing

• Security measures.
• Reach measurement.
• Profiles with user-related information.
• Provision of our online offer and user-friendliness.
• Information technology infrastructure.

Relevant Legal Bases

Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection requirements may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of them in the privacy policy.

• Consent (Art. 6(1) sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or several specific purposes.
• Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, considering the state of the art, the implementation costs, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in accordance with legal requirements.

Measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, securing availability, and separation of data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data, and responses to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, according to the principle of data protection through technology design and through data protection-friendly default settings.

Transfer of Personal Data

In the context of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Among the recipients of this data may be service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and conclude corresponding contracts or agreements with the recipients of your data to protect your data.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw consent at any time.
• Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to information about this data, as well as to further information and a copy of the data in accordance with legal requirements.
• Right to rectification: You have the right to request the completion or rectification of data concerning you in accordance with legal requirements.
• Right to erasure and restriction of processing: You have the right to request the immediate erasure of data concerning you, or alternatively to request a restriction of the processing of the data in accordance with legal requirements.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, in accordance with legal requirements, or to request its transfer to another controller.
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Use of Cookies

Cookies are small text files or other memory notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, a shopping cart content in an online shop, the accessed content, or used functions of an online offer. Cookies can also be used for different purposes, e.g., to ensure the functionality, security, and convenience of online offers, as well as to create analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, except when this is not required by law. Consent is particularly not necessary if the storage and reading of information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offer) that they have expressly requested. The absolutely necessary cookies usually include cookies with functions that serve the display and operability of the online offer, load balancing, security, storage of user preferences and choices, or similar purposes related to the provision of the main and secondary functions of the online offer requested by the users. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

Notes on data protection legal bases: The legal basis on which we process personal data of users using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies will be processed based on our legitimate interests (e.g., in the business operation of our online offer and its improvement) or if this is necessary to fulfill our contractual obligations if the use of cookies is required to fulfill our contractual obligations. We inform users in the course of this privacy policy or as part of our consent and processing processes about the purposes for which cookies are processed.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General information on revocation and objection (so-called "opt-out"): Users can revoke their given consents at any time and object to processing following legal requirements. Users can, among other things, restrict the use of cookies in the settings of their browser (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be explained via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Further Information on Processing, Procedures, and Services:

• Processing of Cookie Data Based on Consent: We use a cookie consent management procedure in which users' consents for the use of cookies or the processing and providers mentioned within the framework of the cookie consent management procedure are obtained, managed, and revoked. The consent declaration is stored to avoid having to repeat the request and to be able to prove the consent according to legal obligations. The storage can be server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following applies: The duration of the consent storage can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and end device used; Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Provision of the Online Offer and Web Hosting

We process the data of users to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

• Types of data processed: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).); Security measures.
• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further Information on Processing, Procedures, and Services:

• Provision of Online Offer on Rented Storage Space: For the provision of our online offer, we use storage space, computing capacity, and software, which we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
• Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files". The server log files can include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, message about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and generally IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid server overloads (especially in case of abusive attacks, so-called DDoS attacks) and to ensure the utilization and stability of the servers; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that requires further retention for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") serves the evaluation of the visitor flows of our online offer and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can identify which areas need optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offer or its components.

Unless otherwise stated below, profiles, i.e., data compiled into a usage process, can be created for these purposes, and information can be stored in a browser or end device and read from it. The collected information includes, in particular, visited websites and used elements, as well as technical information, such as the used browser, the used computer system, and information about usage times. If users have consented to the collection of their location data with us or with the providers of the services we use, location data can also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, the clear data of users (such as email addresses or names) are not stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. That is, neither we nor the providers of the used software know the actual identity of the users, but only the data stored in their profiles for the respective processes.

• Types of data processed: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors). Profiles with user-related information (creation of user profiles).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Further Information on Processing, Procedures, and Services:

• Matomo: Matomo is software used for web analysis and reach measurement. In the context of using Matomo, cookies are generated and stored on the user's end device. The data collected in the context of using Matomo is processed only by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Deletion of data: The cookies have a storage duration of up to 13 months.
• Google Analytics: We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to help us analyze how users use our website. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for us, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You can prevent Google Analytics from collecting data by using the Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout; Legal bases: Consent (Art. 6(1) sentence 1 lit. a) GDPR). Deletion of data: The data collected via Google Analytics is automatically deleted after 14 months.

Ezoic Advertising

This website uses the services of Ezoic Inc. (“Ezoic”), including to manage third-party interest-based advertising. Ezoic may employ a variety of technologies on this website, including tools to serve content, display advertisements and enable advertising to visitors of this website, which may utilize first and third-party cookies.
A cookie is a small text file sent to your device by a web server that enables the website to remember information about your browsing activity. First-party cookies are created by the site you are visiting, while third-party cookies are set by domains other than the one you're visiting. Ezoic and our partners may place third-party cookies, tags, beacons, pixels, and similar technologies to monitor interactions with advertisements and optimize ad targeting. Please note that disabling cookies may limit access to certain content and features on the website, and rejecting cookies does not eliminate advertisements but will result in non-personalized advertising. You can find more information about cookies and how to manage them here.
The following information may be collected, used, and stored in a cookie when serving personalized ads:

• IP address
• Operating system type and version
• Device type
• Language preferences
• Web browser type
• Email (in a hashed or encrypted form)

Ezoic and its partners may use this data in combination with information that has been independently collected to deliver targeted advertisements across various platforms and websites. Ezoic's partners may also gather additional data, such as unique IDs, advertising IDs, geolocation data, usage data, device information, traffic data, referral sources, and interactions between users and websites or advertisements, to create audience segments for targeted advertising across different devices, browsers, and apps. You can find more information about interest-based advertising and how to manage them here.
You can view Ezoic's privacy policy here, or for additional information about Ezoic's advertising and other partners, you can view Ezoic's advertising partners here.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or another individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.