Privacy Policy

Effective Date: October 29, 2024

1. Controller and Contact

Controller as defined by the GDPR:
palmstudio GmbH
Pfalzgrafenstraße 38
67434 Neustadt
Germany

Contact:
Email: support@digibusinesscard.net
Phone: +49 175 6636977
Website: www.palmstudio.io

2. General Information

This privacy policy informs you about the type, scope, and purposes of the collection and use of personal data when using our service DigiBusinessCard. We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

3. Subject of Data Protection

DigiBusinessCard enables the creation of digital business cards as passes for Apple Wallet or Google Wallet. You can use our service without creating a user account.

4. Data Collection and Processing

4.1 Voluntarily Provided Data

You may provide the following data voluntarily:

• First name
• Last name
• Email address
• Phone number
• Organization/Company name
• Company logo
• Website
• Address

Providing this data is optional. You choose what information you would like to include on your digital business card.

If you choose to purchase a digital business card, you must provide your name and email address as part of the purchase process through Stripe.

4.2 Purpose of Data Processing

The data you provide will be processed to:

• Create your digital business card
• Generate a QR code with vCard data
• Send the pass to you via email
• Enable you to request a new card within one year

4.3 Data Storage

All data entered into the generator is stored at the time of confirmation of your digital business card’s creation, provided you agree to the Terms of Use and this Privacy Policy. Our service uses Firebase Firestore (for data) and Firebase Storage (for files) to store this information (see Section 5 for more details). All data is stored on servers within the EU. This section applies only to data collected within our service; please refer to Section 5 for information on data sharing with third parties or service providers.

4.4 Legal Basis

Your data is processed based on Art. 6(1)(b) GDPR (performance of a contract) as well as Art. 6(1)(a) GDPR (consent) for optional features like analytical cookies.

5. Data Transfer to Third Parties

To provide our service, we collaborate with the following service providers:

5.1 Payment Processing

• Stripe: For payment processing. Stripe Privacy Policy

5.2 Consent for Data Transfer to Google

To create and use your digital business card as a Google Wallet pass, you must expressly consent to the transfer of your data to Google. The information provided for creating the business card (e.g., name, email address, phone number) is transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Note: Once the data is transmitted to Google, it is subject to Google’s privacy policies and the Google Wallet Policy, over which we have no control. In this context, Google is considered an independent controller for the processing of the transferred data. For more details on Google’s data processing practices, please refer to the Google Privacy Policy and Google Wallet Terms of Service (see Section 5.3).

Consent: By selecting the “Create Google Wallet Pass” option, you agree to the transmission and processing of your personal data by Google. Without your consent, we are unable to provide the Google Wallet pass.

5.3 Technical Infrastructure

• Firebase: For functions (Cloud Functions), Firestore (database), and Storage (file storage). Firebase Privacy Policy
• Google Pay: For creating Google Wallet passes. Google Privacy Policy; Google Wallet Terms of Service
• Mailgun: For sending emails. Mailgun Privacy Policy

5.4 Analytics

• umami: For analyzing user behavior. umami Privacy Policy

6. Data Retention

6.1 General Retention Period

• Data related to abandoned payments is deleted at the end of the day.
• For successful payments, all data required to issue the pass is stored for one year.

6.2 Exceptions

• Invoice and payment-related data is stored in accordance with legal retention periods.
• In cases of legal obligations, extended storage may be required.

7. Cookies and Tracking

We use the following cookies:

7.1 Necessary Cookies

• Language Cookie: Stores your language preference
  • Purpose: Displaying the website in your preferred language

8. Your Rights

You have the following rights:

• Right to Access (Art. 15 GDPR)
• Right to Rectification (Art. 16 GDPR)
• Right to Erasure (Art. 17 GDPR)
• Right to Restriction of Processing (Art. 18 GDPR)
• Right to Data Portability (Art. 20 GDPR)
• Right to Object (Art. 21 GDPR)
• Right to Withdraw Consent (Art. 7(3) GDPR)
• Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

To exercise your rights, you may:

1. Use the contact form on our website
2. Send an email to support@digibusinesscard.net
3. Mail a letter to the address provided above

To verify your request, please provide:

• Your customer number, or
• Your pass ID, or
• The email address you used at the time of purchase

9. Data Security

We implement technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access. Our security measures are continuously updated in line with technological developments.

All data processing takes place on servers within the European Union.

10. Changes to the Privacy Policy

We reserve the right to modify this privacy policy to ensure it complies with current legal requirements or to account for changes in our services. The latest version will apply to any future visits.

11. Questions About Data Protection

For questions about the collection, processing, or use of your personal data, or for information, correction, blocking, or deletion of data, please contact:

Benedikt Falkenstein
support@digibusinesscard.net