Data Privacy

PLEASE READ THIS PRIVACY NOTICE CAREFULLY.

This data protection declaration establishes the type, scope, and purpose of the processing (including the collection, processing and use as well as obtaining of consent) of Personal Data within our online offer and the websites, functions, and content connected with it (hereinafter jointly referred to as “Platforms”). This privacy policy applies in a technology-neutral way, regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online offer is executed.

We are committed to protecting your privacy as a user (referred to as “User“, “you“, “your” or “Data subject(s)“), and we take our responsibility regarding the security of your Personal Data (defined below) very seriously.

The capitalized terms mentioned in this DPD without previous definition shall have the meanings according to the terms in the General Data Protection Regulation. 

  • Who is responsible for processing your Personal Data?

For the purposes of data privacy laws, principles, and regulations that may apply to the User, SolaVieve Technologies GmbH (referred to as “SolaVieve“, “we“, “us” or “our“) is the “data controller” for all Personal Data that is collected from our Users.

  • What Personal Data do we collect (including by automated means)?

We process users’ data in compliance with the General Data Protection Regulation (“GDPR”). This means that users’ data will only be processed if a legal basis is available under article 6 GDPR, especially if it is required by law, if consent is given, or if the data are necessary for the provision of our contractual services (whether online or offline).

We may ask for and collect your Personal Data (either directly through your use of the Platform or when you communicate with us in any other way, or indirectly through our third parties) in a number of ways to provide you with our services. We may also collect information from you automatically when you visit our Platform – for more information, please refer to our Cookie Policy.

    • Personal Data: “Personal Data” are defined under article 4 (1) GDPR, as the information that can be used to identify you directly or indirectly as an individual, in order to provide you with the service.  This includes, but is not limited to, information such as your name, phone number, social media name, email address, IP address, location data, details of services you have purchased, payment details, information about your access to our website, and other online identifiers that may help us to improve or personalize our services. There will be a temporary data retention, refer to 4 (c) of this Declaration for more information. 
    • Health Data: We collect certain health information, subject to article 9 GDPR on the restriction of processing of sensitive information in the course of providing you our Services. Prior to collecting this type of information, we will obtain your explicit consent to allow processing. Health data consist of the data generated from your Health Assessment (Virtual Coaching Session) when using our services, which include your interaction with health questions in our surveys and are linked to your personal profile. We will also use data generated from your interaction with the health practitioners during the consultation period, for the contractual necessity of providing our services .

You may withdraw your consent at any time using the privacy settings or by sending an email to the Data Protection Officer (contact details below). However, be aware that by ceasing to input new data we may not be able to provide you with some services, and this does not affect the lawfulness of processing or storage of previously collected data before the withdrawal of consent, unless you request the erasure of such data. 

For the general data retention period, refer to 4 (c) of this Declaration for more information. The health data we collected from WQ™ will subsequently be used in Holisticly and Academly to match you with the right practitioners and redirect you to some articles that may be of your interest. We rely on your explicit consent in processing sensitive health data under Article 9(2)(a) of the GDPR. In case you want to revoke consent to the processing of your data, you can exercise your right to erasure anytime under the GDPR. For details, please refer to your Data Subject Rights (refer to section 5).

  • Why and how do we use your Personal Data?

In addition to the uses expressly mentioned above, users’ data will be processed for the following purposes, based on contractual necessity, consent of the user, or in pursuit of our legitimate interests:

  1. To provide, execute, maintain, optimize, and safeguard our services and user benefits, as well as to maintain the security of our platforms. System data will be collected to maintain the functionality and security of our apps. 
  2. Transfer and/or sharing of users’ data. We do not sell users’ data to any third parties within the meaning of the CCPA. For more information, please refer to our Additional Terms. We only share data  if necessary for billing purposes or for other purposes that are necessary to fulfill our contractual obligations to the user.
  3. To perform our legal obligations under national law or Union law, or for prevention of crime.
  4. For the purpose of marketing our products and services, sometimes through third party websites or APIs
  5. For communication purposes. This includes contact information you use to contact us (contact form and/or email) to enable us to process the inquiry and follow-up questions. 
  6. For statistical purposes to improve our services. For example, for confirmation of the age of the majority of the users.
  7. To provide a more personalized experience to users pursuant to our contract. We may collect metadata emitted by your device, your demographic data and health data to enrich your user profile in all of our products. We may use these data interchangeably across our platforms in order to provide you more personalized experience  during your Health Assessment, Virtual Coaching Session and Practitioner Session etc. We will ask for your explicit consent in accordance with Art. (9)(2)(a) of the GDPR before we collect or further process some sensitive data, such as health data. 
  • How do we protect your Personal Data (including retention periods)
    • Security: We follow strict security procedures in the storage and disclosure of your Personal Data. These procedures are designed to protect your Personal Data against misuse, unauthorised access, modification or disclosure, and accidental loss, destruction, or damage. We take technical and organizational measures (TOMs) including but not limited to authentication of the user via email confirmation, setting up a firewall, use of a virus scanner against potential malware, and data backup on a weekly basis to safeguard your Personal Data. Please refer to our IT security guideline or send us an inquiry if you have any questions about our security measures.
    • Location of storing users’ data: We use Google Cloud to store all our data for processing purposes. Their data centers are located in the United States or other regions that may require transfer of data from the EU to other third countries. Google provides third-party ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701 and SOC 2/3 reports to comply with the GDPR requirements and provide services, such as conducting risk assessment and to determine whether appropriate technical and organisational measures are in place. After the invalidation of the Privacy Shield in CJEU case C-311/18, Google Cloud now uses Standard Contractual Clauses or Model Contract Clauses (MCCs) for compliance with privacy regulations including the GDPR.  We have signed the Data Privacy Agreement with Google and store our data in our own Google Cloud Platform. For details, please refer to Google Cloud’s official website. However, please note that the data that we share with third parties is automatically stored at the third parties’ server, but only in order to provide you necessary services according to our contract. We will neither sell nor share your data with third parties for marketing purposes and will keep your Personal Data within our own servers.
  • Retention of your Personal Data: We will not retain your data for longer than is necessary to fulfil the purposes for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Personal Data, the purposes for which we process it, and whether we can achieve those purposes through other means.

We also consider the periods for which we might need to retain Personal Data in order to meet our legal obligations, to deal with complaints and queries, and to protect our legal rights in the event of a legal claim being made.

In general, this means that we are likely to keep your Personal Data for as long as your User Account is active. Following closure of your User Account or erasure of your Personal Data, we may still retain a limited portion of your Personal Data so that we can maintain a continuous relationship with you in case we are in contact with you again, and to comply with our internal processes and legal obligations.

When we no longer need your Personal Data, we will securely delete or destroy it. We will only use the least amount of data necessary for processing to fulfill one or more specific purpose(s) in accordance with the data minimization principle pursuant to Art. 5(1)(c) GDPR., If we can anonymise or pseudonymise your Personal Data to the extent it can no longer be associated with you or identify you, whether directly or indirectly, then we may use that information without sending further notice to you.

  • Your rights and choices: As a person affected by the processing of Personal Data, you have the following rights:
  1. You have the right to obtain confirmation as to whether Personal Data concerning you is being processed. If this is the case, you have the right to be informed about the Personal Data and to receive the information specified in Art. 15 GDPR.
  2. You have the right to ask the data controller to correct incorrect Personal Data concerning you without undue delay and, if necessary, to complete incomplete Personal Data (Art. 16 GDPR).
  3. You have the right to request the controller to delete personal data concerning you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g., if the data is no longer needed for the purposes for which it was collected (right to deletion).
  4. You have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have lodged an objection to processing, for the duration of the controller’s examination.
  5. You have the right to enjoy data portability to receive Personal Data concerning yourself, where the Personal Data is collected and processed on the basis of consent, or where the Personal Data is necessary for the performance of the contract, or when the processing is carried out by automated means. The Personal Data provided must be in machine-readable and interoperable format (Art. 20 (1) GDPR). You can also request your Personal Data to be transmitted directly from one controller to another, where technically feasible (Art. 20 (2) GDPR). 
  6. You have the right to object to the processing of Personal Data concerning you at any time for reasons arising from your particular situation. The controller will then no longer process the Personal Data unless he can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).

In order to exercise your rights listed above, you can send us a data subject request to our Data Protection Officer listed in Section 9, and we will process your request within 1 month of receiving it.

Right to withdraw

The data subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject will be informed thereof. It is as easy to withdraw as to give consent (Art. 7 GDPR). You can revoke your consent by sending an email to our Data Protection Officer or changing it in your privacy settings. See also our cookie policy.

Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of Personal Data concerning you is in breach of our agreement or the GDPR (Art. 77 GDPR). You may exercise this right before a supervisory authority in the Member State in which you are resident, your place of work or the place of the suspected infringement.

Right of objection for direct marketing

In individual cases we process Personal Data in order to carry out direct marketing. In this case you have the right to object at any time to the processing of Personal Data concerning you for the purpose of such advertising (Art. 21 GDPR). If you object to processing for the purposes of direct marketing, the Personal Data will no longer be processed for these purposes.

The objection can be made at any time without any formal requirement using one of the contact options provided in this data protection policy or in our imprint.

  • Links to other third party websites

Our Platform may provide links to other websites for your convenience and information. These websites may operate independently from us. 

If you visit any website linked to our Platform, you are subject to that website’s own privacy policies. Linked websites may have their own privacy notices or policies, which we strongly suggest you review. With regard to any linked websites that are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.

    • Third Parties

APIs (Application Programming Interfaces): API (Application Programming Interface) is a software intermediary that allows two applications to interact with each other. Every time you use one of our applications, such as Holisticly, for payment or assessing your health status, you are using an API.

We do have integrations of APIs that are necessary for providing our contractual services, including but not limited to Stripe for payment, Sendbird for telemedicine, Timekit for booking and scheduling, Landbot for Virtual Coaching Sessions, and Hubspot for direct marketing activities like collecting email addresses and delivering personalized emails and pop-ups accordingly, which will then be used by email API SendGrid  for automated email campaigns and to send other automatic emails, such as confirmation emails or password recovery emails.

If you have any questions on the use of API in our online services, please file an inquiry with our DPO through email address legal@solavieve.com . 

Google- Re/Marketing Services: We use the Google Remarketing application, a retargeting feature used by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Remarketing allows us to display ads for and on our website that are customized according to visitors’ interests so that we only show you ads that may be of interest to you.

Please note that we will not sell your data to third parties, including Google. All data that you provide to us will only be circulated for internal use, such as for our own marketing or remarketing purposes. Third parties cannot use our data, but we may use third-party publishers to display our own ads that may be of interest to you. If you have any questions, please check Google’s privacy policy or change your privacy settings on our websites.

For these purposes, when Google calls up our website, a code is executed and so-called (re)marketing tags are incorporated into the website. This means that an individual cookie file is stored on your device, which stores information about the websites you visit, the content you access, your browser and your operating system. Your IP address is also recorded. The IP address will not be merged with data from you within other offers from Google. However, Google may combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, the ads tailored to the user’s interests may be displayed.

Your data is always processed pseudonymously by Google Remarketing. This does not apply if you have expressly allowed Google to process your data without using a pseudonym. The information collected by Google Remarketing about users is transmitted to Google and stored on Google’s servers.

Further information on the use of data for marketing purposes by Google can be found on the overview page or the Google privacy policy:

Overview page: https://policies.google.com/technologies/ads?hl=de

Privacy policy: https://policies.google.com/privacy

Google uses standard contractual clauses and thus offers a guarantee of compliance  with European data protection law.

The legal basis for the use of Google Remarketing is the consent given by you when you access our website in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future via the cookie settings.

Facebook social plugins: All websites operated by SolaVieve Technologies GmbH use social plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

The plugins can be recognized by one of the Facebook logos or are marked with the phrase “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here:

https://developers.facebook.com/docs/plugins/page-plugin.

We rely on your consent to the collection of data when using plugins. So if you do not agree to the use of data when you visit our website for the first time, the social plugin of the social network facebook.com will not be activated, so that data will not be transferred even if you accidentally press the buttons.

If you agree to the processing of your data by the social plugin of Facebook within the scope of the opt-in procedure, the lawfulness of the processing of your data is based on consent obtained in accordance with Art. 6 (1)a GDPR, so that we use your data within the scope of the consent you have given for the purposes of linking to the social network.

If you then call up a website of our Internet presence that contains such a plugin, your browser will only establish a direct connection with the Facebook servers when the user activates the “Facebook” button by clicking on it. The content of the plugin is then transmitted by Facebook to your browser, which integrates it into the website. By activating the plugin, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example, by pressing the Like button or making a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If you are not a member of Facebook, it is still possible for Facebook to find out and save your IP address. For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and setting options for protecting your privacy, please refer to the Facebook data protection information: https://www.facebook.com/about/privacy.

Information about the use of this website and your IP address is transmitted to Facebook servers in the USA and other third countries and also stored on these servers. In addition to your consent, Facebook has stated that it uses the standard contractual clauses of the European Union within its group structure to ensure that the data protection requirements are guaranteed for transfers to third countries (see also: https://de-de.facebook.com/policy.php -> How do we process and transfer data as part of our global services?)

Facebook remarketing: The website uses the “Facebook Pixel” remarketing feature of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). This allows users of the Website to see interest-based advertisements when visiting the social network Facebook and continue to use other functions of the websites . In this way, we pursue the interest of displaying advertisements relevant to you in order to make your visit to our website more interesting.

In the context of the use of cookies, we rely on your consent to the collection of data. If you do not agree to the use of data when you first visit our website, we will not collect your usage behaviour or other personal data that may arise during your visit and will therefore not use it for remarketing campaigns afterwards. This also applies to third-party cookies such as the present Facebook Pixel Plugin.

If you agree to the processing of your data within the scope of the opt-in procedure, the lawfulness of the processing of your data is based on consent in accordance with Art. 6(1)(a) GDPR, so that we use your data within the scope of the consent given by you for marketing purposes and for the evaluation of your usage behaviour.

Due to the use of the plugin, your browser establishes a direct connection to the Facebook server. We have no influence on the processing of the data collected by Facebook due to the use of the function. To the best of our knowledge, Facebook receives the information that you have called up the subpage of our website or clicked on the advertisement. Facebook can assign this information to your account if you are registered with Facebook. If you are not registered or not logged in, Facebook may still process your IP address and other identifying information.

Information about the use of this website and your IP address is transmitted to Facebook servers in the USA and other third countries and also stored on these servers. In addition to your consent, Facebook has stated that it uses the standard contractual clauses of the European Union within its group structure to ensure that the data protection requirements are guaranteed for transfers to third countries (see also: https://de-de.facebook.com/policy.php -> How do we process and transfer data as part of our global services?)

Landbot: The platforms use Landbot services which transform the platforms into conversational experiences by using a chatbot. Allowing us to provide you with the Virtual Coaching Sessions. Landbot will process the personal data and health data that exists in the platforms. This service is essential for us to provide you with our services, however, we will need your consent before you do the Virtual Coaching Sessions in order to process your sensitive data. 

Landbot guarantees that under no circumstances shall communicate or transfer personal data to third parties, except where expressly authorised, and in legally admissible cases. Landbot has taken technical and organisational measures that meet the GDPR standards.

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with Landbot.  

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be object to a decision based solely on automated processing, including profiling, and object, with Landbot, contact legal@landbot.io  or contact our DPO directly.

Sendbird: The platforms use SendBird services to provide for the transmission of text, rich messages, voice, video and other data, including the SendBird Software and any APIs to such platforms. This service will be essential since we use their services to enable you to contact our customer support and to communicate with the practitioners. 

Any Sub-processor of SendBird will be permitted to obtain Personal Data only to deliver the services SendBird has retained them to provide, and they are prohibited from using Personal Data for any other purpose. SendBird will have a written agreement with each Sub-processor and agrees that any agreement with a Sub-processor will include substantially the same data protection obligations as they have with SolaVieve. 

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with SendBird. 

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with Sendbird, contact our DPO directly. 

HubSpot: The platforms use HubSpot services, a marketing, content management, web analytics and search engine optimization service. HubSpot will need your consent in order to provide its services. 

HubSpot engages Sub-Processors to Process your Personal Data on behalf of SolaVieve. You can find these sub-processors in Annex 4 here: https://legal.hubspot.com/dpa.

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with HubSpot. 

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with HubSpot, contact our DPO directly. 

Hotjar: The platforms use Hotjar, a web analytics service, with this service online behaviour and feedback of website visitors is revealed to us, in order to improve and provide you with a best experience while browsing the platforms. This is a functional service, and we will need your consent in order to use it. 

Hotjar processes data exclusively within a member state of the European Union or within a member state of the European Economic Area (EEA). Any transfer to another country requires prior consent from SolaVieve, in which case, we will inform you. 

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with Hotjar. 

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with Hotjar, contact our DPO directly. 

Usercentrics: SolaVieve uses Usercentrics, a consent management platform, to manage and be able to prove your consent and withdrawal from the third party services we offer, and from the services. This is an essential tool, as we need it in order to be compliant with GDPR. 

Usercentrics shares data with Google Ireland Limited and Auth0 Inc., in order to be able to provide its services.  

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with Usercentrics. 

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with Usercentrics, contact our DPO directly.

Sendgrid: The platforms use SendGird services to provide for email marketing and API. This service will be essential since we use their services to be able to send you an email confirmation when you sign-up. 

Sendgird and its affiliates may use sub-processors to fulfill its contractual obligations under the Agreement with SolaVieve. Where they authorize any sub-processor they agree to impose data protection terms on any sub-processor it appoints that require it to protect the Customer Content to the standard required by Applicable Data Protection Law

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with Sendgrid. 

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with Sendgrid, contact our DPO directly. 

Google Cloud: SolaVieve stores it’s codes, and has its database in Google Cloud, meaning this is an essential tool in order to provide you with our services.  Google Cloud has subprocessors, you can find them in the following link:

 https://cloud.google.com/terms/subprocessors.

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with Google. 

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with Google Cloud, contact our DPO directly. 

Automattic: SolaVieve uses automattic, an open source service, and site-building services which we need in order to provide you our services and for you to access the platform.

For the purpose of compliance, SolaVieve celebrated a Data Protection Agreement with Automattic. 

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with Automattic, contact our DPO directly. 

Stripe: SolaVieve uses stripe, an online payment processor which we need in order to provide you our services and receive the payment from you. 

Your payment information, in relation to Practitioners Services, will be stored from the moment you enter it into the platform until the amount is charged. In case of subscription, the payment information will be stored in order to automatically charge the monthly or yearly amount.

To exercise your rights of access, rectification, erasure, restriction of processing, data portability, not to be subject to a decision based solely on automated processing, including profiling, and object, with Automattic, contact our DPO directly.

  • Integration of third party services and content

Within our online offer, the contents or services of third-party providers, such as city maps or fonts from other websites, may be integrated. The integration of content from third-party providers always requires that the third-party providers are aware of the IP address of the user, as they would not be able to send the content to the user’s browser without the IP address. The IP address is therefore necessary for the display of this content. Furthermore, the providers of the third-party content may set their own cookies and process the users‘ data for their own purposes. User profiles can be created from the processed data. We will use this content sparingly and with reasonable effort to avoid data loss and will select reliable third-party providers with regard to data security.

The following presentation offers an overview of the third-party providers we use, which are necessary to provide our online services according to our contract:

Google Fonts: Google Fonts can be used in different ways. The so-called “Online” mode, which connects to the Google servers as soon as the website is called, is widely used. However, for reasons of data economy and because it is technically difficult to obtain consent, the integration of fonts in “offline” mode is preferable in order to be able to use Google fonts in a legally secure manner. More information about the differences can be found at: 

https://developers.google.com/fonts/faq2#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users

If you decide to use the “online” mode despite the legal risk, you will also find a corresponding text module for this.

For the display of external fonts we use Google Fonts in “offline” mode. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). No data is passed on to Google servers.

Youtube: Plugins of the social network YouTube are used on our website. The operator of Youtube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We rely on your consent to the collection of data when using plugins. If you do not agree to the use of data when you first visit our website, the plugin will not be activated by Youtube, so that data will not be transferred even if you accidentally interact with a Youtube plugin.

If you are on a page of our website on which such a plugin is provided, your browser only establishes a direct connection with the servers of YouTube when the user clicks on the relevant button (“Extended data protection mode”). The content of the plugin is then transmitted by YouTube to your browser and integrated by it into the website. By activating the plugin, YouTube receives the information that you have called up the corresponding page of our website. Content is then transmitted from YouTube to your browser and included on the page. YouTube receives the message that you are on the corresponding page of our website. This happens even if you do not have a profile on YouTube or are not logged in. Personal Data (including your IP address) is then automatically forwarded to and stored in a server of YouTube located in the USA.

A direct assignment on the part of YouTube only takes place if you are logged in to YouTube. A corresponding interaction takes place even if you click the corresponding button actively. The result is a publication on your YouTube account and the presentation of such a publication in your contacts. 

Please note that YouTube is also used for the hosting of our VC Session videos, which is necessary for the provision of our contractual services. If you have any further questions, please feel free to contact us.

Further details on how YouTube handles your Personal Data can be found on the following webpage: https://policies.google.com/privacy?hl=de&gl=de 

  • Updates to this Privacy Policy

We reserve the right to change the Privacy Policy in order to adapt it to changing legal requirements or in case of changes in service and / or data processing. However, this only applies with regard to declarations on data processing. Insofar as the consent of the users is required or components of the data protection policy contain amendment of the contractual relationship with the users, the user will need to consent to those changes. If they do not consent to the changes, the user should cease using our platforms.   

If we make changes to the Privacy Policy, we will post those changes on our websites and online offers and inform you through the Newsletter as well so you are aware of what has been changed and the purposes of the changes. In addition, we strongly suggest our users check our Data Privacy Policy on a regular basis.

All such changes to the Privacy Policy are effective immediately when posted to the Platform and apply to all access to and use of the Platform thereafter.

  • How to contact us?

We welcome inquiries, questions, and comments about this Privacy Policy and our privacy practices. If we receive a complaint from you about how we have handled your Personal Data, we will investigate and determine what action we should take to resolve the complaint. We will contact you within a reasonable time, normally within 1 month, and may request more information to assist us with our investigation. We aim to resolve all complaints in a timely manner.

If you wish to provide feedback or if you have questions or concerns or wish to exercise your rights related to your Personal Data, please contact us at the following email address: legal@solavieve.com, 

  • Additional Terms 

The above Privacy Policy applies only to users living in the European Union within the territorial scope of Art. 3 GDPR. Under the California Consumer Privacy Act (CCPA), California Civil Code Section 1798.100, California residents also have the following rights with regard to their Personal Data. 

Right of Access: You have a right to request access to the Personal Data we may hold on you for the past twelve months. You may submit up to two requests per year to access your Personal Data.

Right to Opt-In/Opt-Out of Sale of Personal Data: You have the right to opt-in to the sale of Personal Data  we may hold on you to third parties, but please note that we will not sell your data to third parties by default.

Right to Deletion: You also have the right to delete data or restrict processing activities. There may be exceptions to the right to deletion for specific legal reasons which, if applicable, we will set out for you in response to your request.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.