Below, we provide information about the processing of personal data when you use our website vivasio.com and our social media profiles. Personal data refers to any data that can be linked to a specific individual, such as their name or IP address.
1 Name of the person Responsible
The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the:
VIVASIO GmbH i.G.
Torstraße 105-107
10119 Berlin
Germany
Managing Director: Fabian Berkemeier
E-mail: letsgo@vivasio.com | Website: www.vivasio.com
2 Data Protection Officer
You can contact our external data protection officer under:
heyData GmbH
Schützenstraße 5 | 10117 Berlin | www.heydata.eu
E-Mail: datenschutz@heydata.eu
3 Scope, Purposes and Legal Bases of Processing
We detail the scope of data processing, the purposes of processing, and the legal bases in the sections below. In general, the following legal bases under Art. 6 GDPR may apply:
- Art. 6 (1) sentence 1 lit. a GDPR** serves as our legal basis for processing operations for which we obtain consent.
- Art. 6 (1) sentence 1 lit. b GDPR** is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. when we provide services for you. This legal basis also applies to processing required for pre-contractual measures, such as when responding to inquiries about our services.
- Art. 6 (1) sentence 1 lit. c GDPR** applies if we are required to process personal data to fulfill a legal obligation, e.g. in connection with tax or accounting obligations.
- Art. 6 (1) sentence 1 lit. f GDPR** is the legal basis when we can rely on legitimate interests to process personal data, for example to operate, analyze, and secure our website.
4 Transfer of Personal Data to Third Countries
Insofar as we transfer personal data to service providers or third parties based in countries outside the European Economic Area (EEA), the transfer will only take place if an adequate level of data protection has been confirmed in the third country by an EU Commission adequacy decision, if appropriate safeguards have been put in place (e.g. EU Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR), or if you have given your explicit consent.
Where data is transferred to service providers in the USA, the legal basis for the transfer is an adequacy decision of the EU Commission to the extent the provider is additionally certified under the EU–US Data Privacy Framework. In other cases (e.g. where no adequacy decision exists), the legal basis for the transfer is, as a rule and unless we indicate otherwise, Standard Contractual Clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. Pursuant to Art. 46 (2) lit. c GDPR, they ensure the security of the data transfer. Many providers have given contractual guarantees that go beyond the Standard Contractual Clauses to protect the data.
5 Storage Duration
Unless explicitly stated otherwise in this Privacy Policy, we store personal data only for as long as necessary to fulfill the purposes pursued or as required by statutory retention obligations (in particular under commercial and tax law).
6 Data Stored on Visitors' Terminal Devices
Our website stores information on the terminal devices of website visitors (e.g. cookies) or accesses information already stored on those terminal devices (e.g. IP addresses). Which information this is in detail can be found in the following sections. This storage and access takes place on the basis of the following provisions:
- Insofar as this storage or access is strictly necessary for us to provide the service of our website expressly requested by website visitors (e.g. to ensure the IT security of our website or to operate a contact form), it is carried out on the basis of § 25 (2) no. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG). The associated processing of personal data is then based on Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in providing the functions of our website.
- Insofar as the storage or access does not serve to provide a service of our website expressly requested by website visitors, it is carried out on the basis of consent in accordance with § 25 (1) TDDDG, which is obtained via our cookie banner. The associated processing of personal data is then based on Art. 6 (1) sentence 1 lit. a GDPR.
7.Hosting
Our website is hosted by Wix.
The provider is Wix.com Ltd., 6350671 Tel Aviv-Yafo, Yigal Allon St 40, Israel ("Wix"). When you visit our website, Wix processes meta/communication data (e.g. device information, IP addresses, browser type, operating system, referrer URL, time of access) in order to deliver the website to your browser and to ensure the stability and security of the website.
The legal basis for the processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in providing a stable and secure website.
Wix is based in Israel. For Israel, an EU Commission adequacy decision pursuant to Art. 45 GDPR exists.
The data will be deleted as soon as the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.wix.com/about/privacy.
8 Contact via Email
You can contact us via the email addresses provided on our website (in particular letsgo@vivasio.com as well as the individual team email addresses on the "Who we are" page). In this case, the personal data transmitted with the email (your email address, name where provided, and the content of your message) will be stored by us in order to process your inquiry.
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR, insofar as your inquiry relates to the initiation or performance of a contract, and otherwise Art. 6 (1) sentence 1 lit. f GDPR based on our legitimate interest in responding to inquiries effectively.
The data will be deleted when the purpose of its collection no longer applies and no statutory retention obligations prevent deletion.
9 Contact Form
On our website, we offer a contact form that you can use to get in touch with us. When you submit the form, we process the data you enter (in particular your name, email address, and the content of your message) in order to process your inquiry.
The form is provided as part of our website by Wix.com Ltd., 6350671 Tel Aviv-Yafo, Yigal Allon St 40, Israel. Wix processes the data on our behalf as a processor pursuant to Art. 28 GDPR.
The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR, insofar as your inquiry relates to the initiation or performance of a contract, and otherwise Art. 6 (1) sentence 1 lit. f GDPR based on our legitimate interest in responding to inquiries effectively.
The data will be deleted when the purpose of its collection no longer applies and no statutory retention obligations prevent deletion.
Further information is available in the provider's privacy policy at https://www.wix.com/about/privacy.
10 Web Analytics: Google Analytics 4
We use Google Analytics 4 for the analysis of our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses cookies and similar technologies that enable an analysis of your use of our website. The information generated about your use of the website is generally transferred to a Google server in the USA and stored there. IP addresses are shortened ("IP anonymization") within the EU/EEA before being transmitted to Google in the USA, so that no direct conclusions can be drawn about your identity.
The provider processes usage data (e.g. pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for the processing is Art. 6 (1) sentence 1 lit. a GDPR. The processing is based on consent. You may revoke your consent at any time by adjusting your cookie settings via our cookie banner or by contacting us using the contact details provided in this Privacy Policy. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
The transfer of personal data to a country outside the EEA takes place on the legal basis of an adequacy decision insofar as Google LLC is certified under the EU–US Data Privacy Framework. Where this is not the case, the transfer is based on EU Standard Contractual Clauses.
The data will be deleted when the purpose of its collection no longer applies and no statutory retention obligations prevent deletion. Further information is available in the provider's privacy policy at https://policies.google.com/privacy.
11 Consent Management: Usercentrics
We use Usercentrics for consent management on our website. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany ("Usercentrics").
When you visit our website, Usercentrics collects consent information (opt-in and opt-out information, consent ID, time of consent, template version, and banner language), the referrer URL, the user agent, and the IP address in order to document your consent choices and ensure compliance with statutory requirements.
The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for the processing is compliance with a legal obligation pursuant to Art. 6 (1) sentence 1 lit. c GDPR.
The data will be deleted after one year. Further information is available in the provider's privacy policy at https://usercentrics.com/privacy-policy/.
12 Social Media: LinkedIn
We maintain a profile on LinkedIn that is linked from our website. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").
When you click on the link to our LinkedIn profile, you will be redirected to the LinkedIn platform. The mere placement of the link does not, in itself, transmit personal data to LinkedIn. Once you arrive on LinkedIn's pages, however, LinkedIn processes personal data (e.g. IP address, device information, usage data) in accordance with its own privacy policy.
Insofar as we, together with LinkedIn, are jointly responsible for the processing of personal data of visitors to our LinkedIn page (in particular with respect to LinkedIn Page Insights), this is carried out on the basis of a joint controller agreement pursuant to Art. 26 GDPR. The legal basis for the processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in presenting our company and our services on social media.
Further information is available in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.
13 Rights of Data Subjects
As a data subject, you have the following rights under the GDPR:
- Right of access (Art. 15 GDPR): You have the right to obtain information about the personal data we process about you.
- Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data concerning you.
- Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data, provided that the legal requirements are met.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data.
- Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.
- Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw any consent you have given at any time with effect for the future. The lawfulness of processing based on consent before its withdrawal is not affected.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59–61, 10555 Berlin.
To exercise your rights, you can contact us at any time using the contact details provided in section 1, or our data protection officer using the contact details provided in section 2.
14 Right to Object
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) sentence 1 lit. e or f GDPR, pursuant to Art. 21 GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.
15 Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy with effect for the future. The current version is always available on this page.
Privacy Policy
Last update: 15.05.2026
Your privacy is important to us. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.