Privacy

The messaging service Inspora m.me/heyinspora, (“Messaging Service”) and the websites http://facebook.com/heyinspora (“Facebook Page”) and inspora.com (“Website”) are offers of HypeTag GmbH (“Hype Tag” or “we”). With this privacy policy, we inform you about the processing of personal data in connection with the use of the Messaging Service, our Facebook Page and our Website. If you are redirected to other websites via a link, the privacy policy of the respective website operator applies. We recommend that you inform yourself about the handling of personal data on the respective website. We know that the protection of your data is important to you and appreciate the trust placed in us. HypeTag strictly adheres to the legal provisions of the applicable data protection law when collecting, processing, and using your data.

You may only use our Messaging Service if you are at least 16 years old.

1. Who is responsible for the data processing and who can I contact?

Controller of your personal data within the meaning of Art. 4 (7) of the European General Data Protection Regulation (“GDPR”) is:

HypeTag GmbH Wetzlarer Strasse 30 14482 Potsdam Germany

Managing Directors: Willi Ibbeken

Email: hey@inspora.com
Phone: +49 172 649 77 21

2. Applicable Law

2.1. Visiting our Website

When you visit our Website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted: IP address of the requesting device; date and time of access; name and URL of the accessed file; mobile device ID; website from which access is made (“referrer URL”); if applicable, the search engine you used; the browser used; and, if applicable, the operating system of your device as well as the name of your access provider.

The mentioned data will be processed by us for the following purposes:

The legal basis for data processing is Art. 6 (1) (b) GDPR, insofar as data processing is required for the provision of the website. Apart from this, the processing is based on Art. 6 (1) (f) GDPR. Our legitimate interests follow from the purposes listed above for data collection. The log files are deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is required for the above-mentioned purposes.

You can object to the statistical analysis of the log files by Facebook by contacting Facebook through https://www.facebook.com/help/contact/2061665240770586.

For more information about data processing by Facebook, please visit
https://www.facebook.com/about/privacy.

2.2. Visiting our Facebook page

Our Facebook Page uses the services of Facebook Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying information.

The terms and conditions of Facebook apply: https://www.facebook.com/legal/terms. To learn more about how Facebook may use your data, please see Facbeook’s Privacy Policy: https://www.facebook.com/about/privacy.

When you visit our Facebook Page, the browser on your device automatically sends information to the server on the website. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted: IP address of the requesting computer; date and time of access; name and URL of the accessed file; mobile device ID; website from which access is made (“referrer URL”); if applicable, the search engine you used; the browser used; and, if applicable, the operating system of your computer as well as the name of your access provider.

The mentioned data will be processed by us for the following purposes:

The legal basis for data processing is Art. 6 (1) (b) GDPR, insofar as data processing is required for the provision of the website. Apart from this, the processing is based on Art. 6 (1) (f) GDPR. Our legitimate interests follow from the purposes listed above for data collection. The log files are deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is required for the above-mentioned purposes.

You can object to the statistical analysis of the log files by Facebook by contacting Facebook through https://www.facebook.com/help/contact/2061665240770586.

For more information about data processing by Facebook, please visit https://www.facebook.com/about/privacy.

2.3. Using our Messaging Service and contacting us via Chat

In addition, we process personal data that we receive from you in the course of our business relationship while you use our services. The legal basis for this is Art. 6 (1) (b) GDPR.

For example, we process personal data if you provide it to us when using our Messaging Service via Facebook Messenger or Chat.

Our Messaging Service is offered within the application Facebook Messenger (“Facebook Messenger”). You may only use our Messaging Service if you are a registered user of Facebook Messenger and logged in into you user account with Facebook Messenger. HypeTag will not receive your log-in data for your Facebook Account. We will receive all information from your Facebook account which you made publicly available on Facebook. “Publicly available” means that anyone may see that information, regardless of their registration with Facebook. This data includes: your name, your profile picture, your cover photo, your gender, your user name (Facebook URL), your user ID (Facebook ID). You may change your privacy settings for you Facebook account directly on Facebook. For further information on adjusting your privacy settings on Facebook, please visit https://www.facebook.com/help/www/193677450678703.

While using our Messaging Service, your device automatically establishes a direct connection to a Facebook server in the USA. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, because Facebook has self-certified its adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying information.

For more information about data processing by Facebook, please visit https://www.facebook.com/about/privacy.

HypeTag requires the following data for the execution and processing of the Messaging Service offered: Your name, Facebook URL, Facebook ID, your gender. In order to give advice on your preferred outfit within our Messaging Service, we need further information about you in order to match your personal preferences. You may submit personal data to us voluntarily, such as your style preferences, your body type, your location, your wardrobe etc. You freely choose what information you give us in the Messaging Service. We will store and process the data we receive from you.

If you are an Instagram blogger interested in being featured in our services, you may also contact us on our Website via Chat. In this case we will ask you to provide your e-mail address as well as your Instagram profile name. Processing this information enables us to assess whether we can cooperate with you. We only store this data, as long as we need it to answer your request or, if we enter into a cooperation, as long as we cooperate.

3. For what purpose and on what legal basis do we process your data?

We process personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”):

3.1. For the performance of contracts and pre-contractual measures (Art. 6 (1) (b) GDPR)

The processing of personal data (Art. 4 (2) GDPR) takes place for the provision of the services offered in our Messaging Service and on our Website and for answering your inquiries in connection with your using of our Messaging Service.

Further details for the purpose of data processing can be found in our terms.

3.2. For legitimate interests (Art. 6 (1) (f) GDPR)

If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties, for example in the following cases:

3.3. On the basis of your consent (Art. 6 (1) (a) GDPR)

If you have given us your consent to process personal data for specific purposes, this processing is lawful on the basis of your consent. You can withdraw your consent at any time. Please note that the withdrawal will only take effect for the future. The lawfulness of our processing based on your consent which took place before the withdrawal is not affected.

3.4. Due to legal obligations (Art. 6 (1) (c) GDPR)

In addition, we are subject to various legal obligations. The purposes of the processing include, inter alia, the fulfilment of retention periods under commercial and tax law.

4. Cookies

We use cookies on our Website that collect your data using pseudonyms. Cookies are small text files that a website generates and which your Internet browser stores on your hard drive when you visit the website. You can prevent the use of cookies at any time by setting your Internet browser so that it does not accept new cookies (especially third party cookies) or notifies you of new cookies. You can also delete cookies that have already been saved in your Internet browser settings. You can get help on how to change your cookie settings in the help function of your Internet browser, for example. Further information on this and on cookies in general can be found, e.g., at http://www.allaboutcookies.org/ and http://www.youronlinechoices.com/. Please note that you will not be able to use some features of our website if you do not accept cookies.

On our website we use technically necessary cookies, web analysis cookies and tracking cookies for advertising purposes:

4.1. Technically necessary cookies

Most of the cookies we use are technically necessary to enable you to use our website and the services offered on it (e.g. secure login, adding products to the shopping cart in the order process) (“session cookies”). Our legitimate interest in data processing lies in these purposes; the legal basis is Art. 6 (1) (f) GDPR. The data will not be combined with other personal data and will not be used for advertising purposes. Session cookies are deleted after the end of the respective browser session, at the latest after seven days.

4.2. Web analysis cookies (Google Analytics)

If you have given your consent on our Website, we also use cookies to create pseudonymous user profiles for the purpose of web analysis (“web analysis cookies”) These cookies enable us to identify returning users (device owners), analyze their behavior on our website, optimize our website and measure its reach. The legal basis for such data processing is Art. 6 (1) (a) GDPR. You give your consent to this tracking on our website by clicking on “OK” in our cookie banner; no web analysis cookies are set before this happens. We do not combine the data with other personal data and we do not use it for the targeted addressing of individual users for advertising purposes. The web analysis cookies are deleted after 24 months at the latest or if you withdraw your consent beforehand.

For this web analysis we use the service Google Analytics, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses cookies which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website (browser type/version, operating system used, referrer URL, host name of the accessing computer (IP address), date and time of the server request) are generally transferred to a Google server in the USA and stored there. On our website, we have extended Google Analytics with the code “anonymizeIp()” to guarantee an anonymous collection of IP addresses (so-called IP masking). Google will therefore reduce your IP address by the last octet within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission (C/2016/4176 of 12 July 2016 – http://data.europa.eu/eli/dec_impl/2016/1250/oj) within the meaning of Article 45 GDPR, because Google has undertaken to comply with the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

On our behalf, Google uses this information as a processor within the meaning of Art. 28 GDPR to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website use and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

You can prevent the use of cookies by selecting the appropriate settings on your browser (see above); however, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google for all websites by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on Google Analytics’ Terms of Use and Privacy Policy, please visit https://www.google.com/analytics/terms/gb.html and https://support.google.com/analytics/answer/6004245?hl=en.

4.3. Tracking cookies for advertising purposes

If you have given your consent on our Website, we also use tracking cookies for the purpose of targeted and interest-related online advertising (“advertising cookies”) hese cookies collect and store information about your use of our website in pseudonymous form. The legal basis for data processing is Art. 6 (1) (a) GDPR. You give your consent to this tracking on our website by clicking on “OK” in our cookie banner no advertising cookies are set or other tracking technologies (e.g. tracking pixels) are activated before this happens. You can withdraw your consent in the footer of our website. The lawfulness of the processing carried out on the basis of your consent until withdrawal remains unaffected. We do not combine the information with other personal data that you voluntarily provide to us when you use the services on our website. We use the information to place advertisements on our website and on the websites of third parties (insofar as these are part of our advertising network) that correspond to your interests. You also benefit from this because you will be confronted with less advertising that is not tailored to your interests. We also use the information to measure and optimize the success of our advertising campaigns.

If you have given your consent on our website, we use the following tracking cookies (and tracking pixels) for advertising purposes:

4.3.1. Facebook Retargeting (Facebook Custom Audiences)

Our website uses the remarketing function “Custom Audiences” of Facebook Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). This allows users of the website to view interest-based advertisements (“Facebook ads”) when visiting the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website more interesting for you.

Based on the marketing tools used (Facebook tracking pixel), your browser automatically establishes a direct connection to a Facebook server in the USA. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, because Facebook has self-certified its adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). By integrating Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence, or have clicked on an advertisement from us. Facebook also receives the same information when it visits third-party websites, which also contain a Facebook tracking pixel. If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying information.

We do not receive access to this tracking data (except in aggregated form) and you remain anonymous to us.

You can deactivate the “Facebook Custom Audiences” function as a logged-in user at https://www.facebook.com/settings?tab=ads. As far as Facebook uses retargeting cookies, you can deactivate the storage of cookies in the settings of your browser or at http://www.aboutads.info/choices. For more information about data processing by Facebook, please visit https://www.facebook.com/about/privacy.

4.3.2. Mixpanel

This website uses functions of the web analysis service Mixpanel. Provider is the Mixpanel Inc., 405 Howard Street, Floor, San Francisco, CA 94105, USA. Mixpanel uses cookies that are stored on your computer and that allow for an analysis of your use of our website. The information generated by the cookie about your use of this website is usually transmitted to a Mixpanel server in the USA and stored there. It may include the following information:

On our behalf, Mixpanel uses this information as a processor within the meaning of Art. 28 GDPR to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website use and Internet use.

Our legal basis for using Mixpanel analytics cookies is Art. (1) (a) GDPR. You give your consent to this tracking on our website by clicking on “OK” in our cookie banner. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, because Mixpanel has self-certified its adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

You can prevent that cookies are stored on your computer in the settings of your browser; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

You can also prevent the collection of your data by Mixpanel by clicking on the following link https://help.mixpanel.com/hc/en-us/articles/360000679006-Managing-Personal-Information#optout-users. An opt-out cookie will be set to prevent your data from being collected on future visits to our website.

4.3.3. Chatfuel

For our Messaging Service we use functions of the analysis service Chatfuel. Provider of this service is 200 Labs, Inc., d/b/a Chatfuel, 555 De Haro Street, Suite 280, San Francisco, CA 94107 USA. We use the services of 200 Labs, Inc. as a processor within the meaning of Art. 28 GDPR. Chatfuel is an online platform that allows developers, individuals, companies, and agencies, to build, host, and manage chatbots. Chatfuel performs cloud based analytics services. The platform allows you to get in contact with us by communicating with the provided Messaging Service via Facebook Messenger. Chatfuel uses personal data to enable us to customize and improve the use of our Messaging Service based on your public Facebook profile and the data you share with us within the chat. Your data is transferred to a server in the USA and stored there. It may include the following information:

As the provider of Chatfuel, 200 Labs, Inc., ist located in the USA, any information you provide, will be processed and stored in the USA. If you are in the European Union or European Economic Area, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically a resident in. As far as 200 Labs, Inc. transfers information from the European Union to third parties outside the European Union and to countries not subject to schemes which are considered as providing an adequate data protection standard, we have concluded an agreement containing standard contractual clauses within the meaning of Art. 46 (2) (c) GDPR.

The legal basis for data processing is Art. 6 (1) (b) GDPR, insofar as data processing is required for the provision of our Messaging Service. Apart from this, the processing is based on Art. 6 (1) (f) GDPR. Our legitimate interests follow from the purposes named above for data collection.

For more information about data processing by Chatfuel, please visit https://chatfuel.com/PrivacyPolicy-EU.pdf. The terms and conditions of Chatfuel may be accessed here: https://chatfuel.com/TermsOfUse.pdf.

5. Direct marketing

5.1. Push Messages

If you have expressly consented according to Art. 6 (1) (a) GDPR, we use your Facebook Messenger account to inform you in separate messages about our latest offers and fashion trends. We record your consent.

To receive our news, it is sufficient to tell us within the chat with Inspora that you would like to receive our messages.

A chat message “cancel the service” at any time. In this case, your Facebook ID and your Facebook URL will be deleted from our messaging distribution list and added to our blacklist. The withdrawal of your consent will only take effect for the future. The lawfulness of any processing based on your consent carried out before the withdrawal is not affected by this.

5.2. Existing customers

If you have already requested services from HypeTag, we inform you from time to time by push message about similar goods and services from HypeTag if you have not objected to this.

The legal basis for such data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR).

You can object to the use of your Facebook ID for our advertising purposes at any time without additional costs by email hey@inspora.com.

6. Social-Media-Plugins (Facebook, Twitter, Google+1)

We use social media plugins from the following providers on our Website:

We use the so-called two-click solution. This means that when you visit our website, generally no personal data is passed on to the providers of the plugins. We offer you the possibility to communicate directly with the provider of the plugin via the button. You can recognize the provider of the plugin by the name of the respective plugin and the logo. Only if you click on the button and thereby activate it, will the plugin provider be informed that you have accessed the corresponding website of our online offer. In the case of Facebook, the IP address is anonymized immediately after collection, according to the provider. By activating the plugin, personal data is transferred from you to the respective plugin provider and stored there (for US providers in the USA). The transfer of your information to a third country outside the EU is covered by a Commission adequacy decision (C/2016/4176 of 12 July 2016 - http://data.europa.eu/eli/dec_impl/2016/1250/oj within the meaning of Article 45 GDPR, because Facebook, Twitter and Google have self-certified their adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

If you click on a button, the plugin provider stores the data collected about you as user profiles and uses it for purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective plugin provider. The data transfer is independent of whether you have an account with the plugin provider and are logged in there. If you are logged in with the plugin provider, your data collected with us will be directly assigned to your existing account with the plugin provider. If you click on the button and, for example, link the page, the plugin provider will also save this information in your user account and communicate it to your contacts publicly. We recommend that you log out regularly after using a social network, especially before activating the button, as you can thus avoid being assigned to your profile with the plugin provider.

The legal basis for the use of the plugins is Art. 6 (1) (f) GDPR. The plugins serve to promote our website and our goods and services through selected social media channels. This advertising purpose is our legitimate interest in data processing, which you yourself trigger by a conscious action (clicking on the button).

For more information about the purpose and scope of data collection and processing by the plugin provider and your rights and settings to protect your privacy, please visit

Our website also contains simple links to our profiles on Facebook, Twitter and YouTube (operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA). If you click on these links, you will leave our website. The data processing on the websites of the social media providers is subject to the privacy policies available there.

7. Who gets my data?

Within our organization, those departments or individuals get access to your data that need it in order to fulfil our contractual and legal obligations.

Processors (Art. 28 GDPR) may also receive data for the aforementioned purposes. These companies work in the fields of troubleshooting (such as Functional Software, Inc.’s Sentry) , programming (200 Labs, Inc.’s Chatfuel), message management (Google LLC’s Dialogflow), IT services (such as Amazon Webs Services, Inc., Hello Umi S.L. (“Landbot”), logistics, printing and shipping services, telecommunications, sales and marketing. If these processors are located outside the EU they have either (as Functional Software, Inc., Amazon Web Services, Inc., Google LLC, Mixpanel, Inc.) self-certified their adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) or we have concluded with them (as with 200 Labs, Inc.) an agreement containing standard contractual clauses within the meaning of Art. 46 (2) (c) GDPR.

We share your personal data with third parties if this is necessary to fulfil an existing contractual relationship between you and HypeTag or to implement pre-contractual measures (Art. 6 (1) (b) GDPR) or for the purposes of legitimate interests (Art. 6 (1) (f) GDPR). When you use our Messaging Service and visit our Facebook Page, the terms and conditions of Facebook apply. Your personal data will be disclosed and transmitted to Facebook as part of using Facebook’s services.

We only share such information as is required by the respective service provider to perform the task assigned to him. The service provider undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.

In addition, your personal data will be disclosed or transmitted if required to do so by law (Art. 8 (1) (c) GDPR) or if you have given your consent (Art. 6 (1) (a) GDPR).

Under these conditions, recipients of personal data may be, for example:

8. How long will my data be stored?

If necessary, we process and store your personal data for the duration of our business relationship, which also includes, the duration of the performance of our Messaging Service.

In addition, we are subject to various storage and documentation obligations arising, inter alia, from the German Commercial Code (Handelsgesetzbuch – “HGB”) and the German Fiscal Code (Abgabenordnung – “AO”). The retention and documentation periods specified there are, e.g., 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents (Sec. 238, 257 (1) and (4) HGB, Sec. 147 (1) and (3) AO). Such storage and documentation obligations apply in particular if you conclude a contract with us.

Finally, the storage period also depends on the statutory limitation periods, which, for example, according to Sec. 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – “BGB”), are generally three years long, but can, in certain cases, also be up to thirty years.

After expiry of the storage and documentation obligations and the relevant limitation periods, we delete the data.

Log files and cookies are deleted after expiry of the above-mentioned storage periods.

9. What data protection rights do I have?

You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to limitation of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The restrictions according to Sec. 34 and 35 BDSG apply to the right of access and the right of cancellation. You also have the right to object to data processing by us (Art. 21 GDPR). If our processing of your personal data is based on consent (Art. 6 (1) (a) GDPR), you can withdraw this at any time; the legality of data processing based on the consent until withdrawal remains unaffected by this.

To assert all these rights and for further questions on the subject of personal data, please contact our hey@inspora.com or our postal address (see point 1 above) at any time.

Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU Member State where you are staying, working or allegedly infringed – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Sec. 19 BDSG).

10. Is there an obligation to provide data?

In the context of our business relationship you only have to provide the personal data which is necessary for the establishment, execution and termination of a business relationship or which we are legally obliged to collect. Without this data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.

Mandatory information is marked as such in our Messaging Service or on our Website.

11. To what extent is there automated decision making in individual cases?

We do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of a business relationship. Should we use these procedures in individual cases, we will inform you separately, where required by law.

12. Data security

We take a variety of security measures to adequately protect personal data to an appropriate extent.

All user information is stored on secure servers that are protected from access from other networks by a software firewall. Only those employees who need information to process a specific request or order have access to the data. The employees are trained in the safe handling of data.

Please see for the use of Facebook’s services Facebook’s information on data security: https://www.facebook.com/help/379220725465972?ref=dp and Facebook’s Privacy policy: https://www.facebook.com/full_data_use_policy.

13. Availability of the data protection provisions

This privacy policy can be viewed, saved, and printed as a PDF file at https://inspora.com/privacy.

Last updated: 12 June 2018