Privacy Policy

 

We are pleased that you are visiting our website. The protection and security of your personal information during the use of our website is very important to us. This Privacy Policy explains which personal data we collect when you visit our website and how we use this data.

This Privacy Policy applies to the online offer of Karina Klaus Unipessoal Lda, which is accessible under the domain karinaklaus.com and its subdomains (“our website”).

 

Who is responsible and how can you contact us?

The controller for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:
Karina Klaus Unipessoal Lda
Praceta dos Sete Castelos 1
2780-305 Oeiras
Portugal
email: [email protected]

You can contact us with any questions about data protection or to exercise your rights under GDPR at the above address or email.

 

What is this about?

This Privacy Policy fulfills the legal requirements for transparency in the processing of personal data. Personal data means any information relating to an identified or identifiable natural person. Examples include your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information that cannot be linked to you personally (or only with disproportionate effort), for example through anonymization, is not considered personal data.
The processing of personal data (such as collection, storage, use, or transfer) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legal grounds for further retention. For each type of processing, we will inform you about the specific storage periods or the criteria used to determine them. Regardless of this, we may retain your personal data in individual cases for the establishment, exercise, or defense of legal claims and where statutory retention obligations apply.

 

Who receives my data?

We only disclose your personal data processed on our website to third parties if this is necessary to fulfill the stated purposes and if the disclosure is covered by a legal basis (such as your consent or our legitimate interests). In addition, we may disclose personal data to third parties in individual cases if this serves the establishment, exercise, or defense of legal claims. Possible recipients may include law enforcement authorities, lawyers, auditors, or courts.
Where we use service providers for the operation of our website who process personal data on our behalf within the scope of a data processing agreement (Art. 28 GDPR), these service providers may also be recipients of your personal data. You will find further details on the use of processors and web services in the overview of the individual processing operations below.

 

Do we use cookies?

Cookies are small text files that are sent to your browser and stored on your device when you visit our website. Alternatively, information may also be stored in the local storage of your browser.
Some functions of our website cannot be provided without the use of technically necessary cookies or local storage. Other cookies, however, enable us to perform various analyses — for example, to recognize your browser on a repeat visit to our website and to transmit different kinds of information to us (non-essential cookies). Cookies can help us make our website more user-friendly and effective by tracking your usage patterns or remembering your preferences (such as country and language settings).
If third parties process information through cookies, this information is collected directly via your browser. Cookies do not cause any damage to your device, cannot execute programs, and cannot contain viruses.
You can find detailed information about the cookies we use in the cookie settings or consent manager on this website. For each service that uses cookies, we provide further details in the specific processing sections below.

 

What rights do you have?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:

• Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, if so, to receive information about the details of this processing as well as a copy of your data.
• Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or incomplete personal data stored by us.
• Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data stored by us, unless processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
• Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing where the accuracy of the data is contested, the processing is unlawful, we no longer need the data but you oppose its erasure because you require it for legal claims, or you have objected to processing under Art. 21 GDPR.
• Right to data portability (Art. 20 GDPR): Where the processing is based on your consent (Art. 6(1)(a) GDPR) or on a contract (Art. 6(1)(b) GDPR) and carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format or to have it transmitted directly to another controller, where technically feasible.
• Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing. You also have the right to object at any time to the processing of your personal data for direct marketing purposes.
• Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw your consent at any time with effect for the future.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR. You can usually contact the supervisory authority of your habitual residence, your place of work, or the place of our business.

 

How are my data processed in detail?

Below, we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective storage period. Automated decision-making, including profiling, does not take place.

 

Provision of the Website and Web Hosting

Type and scope of processing

When you access our website, certain personal data are automatically collected by your browser and transmitted to our server. This includes your IP address, date and time of access, the URL of the requested file, the referrer URL, as well as browser type and operating system.
Our website is operated using the WordPress content management system and is hosted by Hostinger International Ltd. (Jonavos g. 60C, Kaunas 44192, Lithuania). In this context, Hostinger processes personal data on our behalf pursuant to Art. 28 GDPR to ensure the secure and reliable operation of the website.

Purpose and legal basis

The processing of this data is necessary to display our website, to ensure stability and security, and is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR.

Storage period

Logfiles are stored for technical reasons and to ensure the security of the website for a maximum of 7 days, after which they are automatically deleted. For more details, please refer to Hostinger’s privacy policy: https://www.hostinger.com/legal/privacy-policy.
 

 

Contact form

Type and scope of processing
 When you contact us via the contact form on our website, the data you enter (such as name, email address, and message content) will be transmitted to us and processed in order to handle your request. Depending on the form settings, the data may also be stored temporarily on the web server before being forwarded to us by email.

Purpose and legal basis
The processing of your data via the contact form is based on Art. 6(1)(b) GDPR if your request relates to the performance of a contract or pre-contractual measures. In other cases, processing is based on our legitimate interest in handling your inquiry (Art. 6(1)(f) GDPR).

Storage period
The data you enter in the contact form will be stored by us only as long as necessary to respond to your inquiry, unless statutory retention obligations apply.

 

Google Analytics
Type and scope of processing
We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to analyze and improve the use of our website. Google Analytics uses cookies and similar technologies to collect information about your use of the website, including your IP address, which may be transmitted to and stored by Google on servers in the United States.

We use Google Analytics only with IP anonymization enabled. This means that your IP address will be shortened by Google within the EU/EEA before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted and shortened in the USA.

Purpose and legal basis
The use of Google Analytics is based on your consent pursuant to Art. 6(1)(a) GDPR. Consent is obtained through our cookie consent manager. You may withdraw your consent at any time with effect for the future.

Storage period
The data collected via Google Analytics will be retained for up to 14 months and then automatically deleted.
Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.

Consent to the use of cookies.

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

• Your consent status or the withdrawal of consent
• Your anonymised IP address
• Information about your Browser
• Information about your Device
• The date and time you have visited our website
• The webpage url where you saved or updated your consent preferences
• The approximate location of the user that saved their consent preference
• A universally unique identifier (UUID) of the website visitor that clicked the cookie banner

Google Fonts

Our website uses external fonts provided by Google Fonts, a service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).

When you access our site, a connection is established with Google’s servers, which allows your IP address to be transmitted to Google to ensure the correct display of the font files. Google may also process this data for its own purposes in the USA.

Legal Basis: The processing of data for the integration of Google Fonts is based on your consent (Art. 6 para. 1 lit. a GDPR), which is obtained via our Consent Management Platform (CMP), or alternatively, on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in optimizing the visual presentation of our website.

Google recaptcha

To protect our forms from spam and automated abuse (bots), we use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This service analyzes various user characteristics to distinguish between human users and automated programs. This analysis begins automatically as soon as the website visitor enters the page/form containing reCAPTCHA. For the analysis, reCAPTCHA evaluates several pieces of information (e.g., IP address, time spent on the form, mouse movements, browser information, and potentially the reading speed of the text). The collected data is transferred to Google servers in the USA.

Legal Basis: The data processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in protecting our web offerings from abusive automated spying and spam. In cases where the service is not strictly necessary for the function of the site, it is loaded only after obtaining your explicit consent (Art. 6 para. 1 lit. a GDPR).

 

 

Newsletter The Sunday Solopreneur

Type and scope of processing
If you subscribe to our newsletter The Sunday Solopreneur via our website, we collect your email address, first name, the date of your subscription, and your IP address. Afterwards, you will receive a confirmation email (Double Opt-In). If you do not confirm within 72 hours, the subscription will automatically expire and your data will not be used for sending the newsletter.

We use Flodesk, Inc. as our newsletter service provider. Flodesk processes your personal data on our behalf in accordance with a Data Processing Agreement pursuant to Article 28 GDPR. Your data may be stored on servers in the United States. Flodesk is a participant in the EU–US Data Privacy Framework, which provides an adequate level of protection for personal data transferred from the EU to the US.
We do not share your data with third parties except where legally required.

Purpose and legal basis
We process your data for the purpose of sending The Sunday Solopreneur newsletter on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future in accordance with Art. 7(3) GDPR, for example by clicking the unsubscribe link in the newsletter. There is no legal or contractual obligation to provide your data, but without providing it, we cannot send you the newsletter.

Storage period
After subscribing to The Sunday Solopreneur, we store your data for a maximum of 72 hours until confirmation of your subscription. Once confirmed, we store your data until you withdraw your consent (unsubscribe from The Sunday Solopreneur). After unsubscribing, we may retain your email address for up to 7 days for technical reasons and to ensure your unsubscribe request is properly implemented.

 

Paperbell
Type and scope of processing
We use Paperbell, a service provided by Paperbell Inc., to manage our coaching services, including appointment scheduling, contract management, payment processing, and delivery of digital content. When you book services through Paperbell, your personal data (e.g. name, email address, billing information, and details of the booked service) are processed by Paperbell on our behalf. Payments are processed separately through Stripe or PayPal.

Purpose and legal basis
The use of Paperbell is based on Art. 6(1)(b) GDPR (performance of a contract) as the processing of your data is necessary to provide our services. In addition, the use of Paperbell is based on our legitimate interest in providing a secure and efficient booking and payment process (Art. 6(1)(f) GDPR).

International transfers
Paperbell Inc. is located in the United States. Data transfers to the USA are based on the EU–US Data Privacy Framework (EU–US DPF) where applicable. If the recipient is not certified under the EU–US DPF, transfers rely on Standard Contractual Clauses pursuant to Art. 46 GDPR.

Storage period
The specific storage period of your data is determined by Paperbell Inc. and may depend on the type of service booked and legal obligations. Further details can be found in Paperbell’s privacy policy: https://paperbell.com/privacy.

 

Presence on social media platforms
We maintain so-called fan pages, accounts, or channels on the social networks listed below in order to provide you with information and offers within social networks, to give you additional ways to contact us, and to inform you about our services.
When you access and use our fan pages/accounts, personal data may be processed both by us and by the respective social network. Below we inform you which data we, and which data the respective social network, may process in connection with the access and use of our social media presences.

Personal data we collect when you contact us
If you contact us via Messenger or Direct Message through a social network, we usually process your username used to contact us, as well as any other data you provide, insofar as this is necessary to process and respond to your inquiry.
The legal basis for this processing is our legitimate interest in communicating with users and customers (Art. 6(1)(f) GDPR).
(Aggregated) usage data we receive from social networks
We receive statistics made available automatically through the “Insights” functionalities of the respective networks. These statistics include, for example, the total number of page views, “likes”, information on page activities and post interactions, reach, video views, and demographic breakdowns (e.g. gender distribution of our followers).
These statistics only contain aggregated data and cannot be linked to individual persons. We cannot identify you personally through this information.

Which data the social networks process
You do not need to be a member of the respective social network or have a user account in order to view the content of our fan pages/accounts.

Please note, however, that when you access the respective social network, data is collected and stored by the network even from visitors without a user account (e.g. technical data necessary to display the website). The networks also use cookies and similar technologies, over which we have no influence. For details, please refer to the privacy policies of the respective social networks (see the links above).

If you wish to interact with content on our fan pages/accounts — for example by commenting on, sharing, or liking posts, or contacting us via Messenger functions — prior registration with the respective social network and the provision of personal data is required.

We have no influence over the data processing carried out by the social networks during your use. To our knowledge, your data is in particular stored and processed in connection with the provision of the network’s services, for the analysis of user behavior (using cookies, pixels/web beacons, and similar technologies), and for the display of advertising based on your interests both within and outside the respective social network. It cannot be excluded that your data is also stored outside the EU/EEA and may be passed on to third parties by the social networks.

For information on the exact scope and purposes of processing your personal data, the storage periods/deletion policies, as well as the use of cookies and similar technologies in the context of registration and use of the social networks, please consult the privacy policies and cookie policies of the respective networks. There you will also find information on your rights and options to object.

 

LinkedIn Page

When you visit our LinkedIn page, LinkedIn processes, among other things, your IP address and other information stored on your device in the form of cookies. This information is used to provide us, as the operator of the LinkedIn page, with statistical information about the use of our page. Further details on this can be found here: https://www.linkedin.com/help/linkedin/answer/4499.

The statistical information provided to us by LinkedIn is aggregated and does not allow us to draw conclusions about individual users. We use these insights only to better understand the interests of our users, to continuously improve our online presence, and to ensure the quality of our content.

We collect your data via our LinkedIn page only if you actively provide it to us, for example by sending messages, commenting on posts, or otherwise interacting with us. This usually includes your name, message content, and any profile information you make “public” on LinkedIn.

The processing of your personal data for the purposes stated above is based on our legitimate business and communication interest in offering an information and communication channel pursuant to Art. 6(1)(f) GDPR. If you as a user have given consent to LinkedIn for data processing, the legal basis for processing is Art. 6(1)(a) GDPR.
Since the actual data processing is carried out by LinkedIn, our access to your data is limited. Only LinkedIn is entitled to full access to your data. Therefore, the most effective way to exercise your data subject rights (such as access, deletion, objection, etc.) is to contact LinkedIn directly.

We are jointly responsible with LinkedIn for the processing of so-called “Page Insights” data. The primary responsibility for the processing of Insights data lies with LinkedIn, which fulfills all obligations under the GDPR with regard to the processing of Insights data. The essential information about this joint processing can be found here: https://legal.linkedin.com/pages-joint-controller-addendum.

We do not make decisions regarding the processing of Insights data or the storage duration of cookies on user devices.
Further information on the exact scope and purposes of LinkedIn’s data processing, storage periods, and cookie policies, as well as your rights and options to object, can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

 

Facebook Page

When you visit our Facebook page, Facebook (Meta) processes, among other things, your IP address and other information stored on your device in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of our page. Further details on this can be found here: https://www.facebook.com/help/pages/insights.

The statistical information provided to us by Facebook is aggregated and does not allow us to draw conclusions about individual users. We use these insights only to better understand the interests of our users, to continuously improve our online presence, and to ensure the quality of our content.

We collect your data via our Facebook page only if you actively provide it to us, for example by sending messages, commenting on posts, or otherwise interacting with us. This usually includes your name, message content, and any profile information you make “public” on Facebook.

The processing of your personal data for the purposes stated above is based on our legitimate business and communication interest in offering an information and communication channel pursuant to Art. 6(1)(f) GDPR. If you as a user have given consent to Facebook for data processing, the legal basis for processing is Art. 6(1)(a) GDPR.

Since the actual data processing is carried out by Facebook, our access to your data is limited. Only Facebook is entitled to full access to your data. Therefore, the most effective way to exercise your data subject rights (such as access, deletion, objection, etc.) is to contact Facebook directly.

We are jointly responsible with Facebook for the processing of so-called “Page Insights” data. The primary responsibility for the processing of Insights data lies with Facebook, which fulfills all obligations under the GDPR with regard to the processing of Insights data. The essential information about this joint processing can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.

We do not make decisions regarding the processing of Insights data or the storage duration of cookies on user devices.
Further information on the exact scope and purposes of Facebook’s data processing, storage periods, and cookie policies, as well as your rights and options to object, can be found in Facebook’s privacy policy: https://www.facebook.com/policy.php.

 

Pinterest Profile
We maintain a business profile on Pinterest to share content and to make our services more visible to interested users. When you visit our profile or interact with our Pins, Pinterest collects personal data, such as your IP address, device information, and your interactions with Pins, boards, and ads. Pinterest uses this data to provide us, as the operator of a business account, with aggregated statistics on how our content is used (Pinterest Analytics). Further information on this is available here: https://help.pinterest.com/en/article/personalization-and-data.

The statistical information provided to us by Pinterest is aggregated and does not allow us to identify individual users. We use this data only to better understand the interests of our users, to improve our content, and to make our profile more relevant.
We only receive personal data from you if you actively interact with us on Pinterest (for example, by commenting on a Pin or sending us a message). In this case, we process your name, message content, and any profile information you have made “public” on Pinterest, insofar as this is necessary to respond to your inquiry.

The processing of your personal data for these purposes is based on our legitimate interest in providing an information and communication channel pursuant to Art. 6(1)(f) GDPR. If you have given consent to Pinterest for data processing, the legal basis is Art. 6(1)(a) GDPR.

Since the main data processing is carried out by Pinterest, our access to your personal data is limited. To exercise your rights as a data subject (access, deletion, objection, etc.), it is most effective to contact Pinterest directly.

Further details on how Pinterest processes your personal data, storage periods, and your rights can be found in Pinterest’s privacy policy: https://policy.pinterest.com/en/privacy-policy.

 

Flodesk

Type and scope of processing
We have integrated components of the Flodesk service on our website. Flodesk is a service of Flodesk, Inc., based in the United States, and provides email marketing automation for businesses.

Flodesk is used to store and transfer data entered into forms via cookies, to send marketing emails and automated messages, and to create targeted campaigns. In addition, Flodesk enables us to analyze whether emails have been opened, how many users have received an email, and whether users unsubscribed after receiving an email.
Your data is transmitted to Flodesk, Inc., 3540 Clemmons Road, Suite 201, Clemmons, NC 27012, USA.

Purpose and legal basis
The use of Flodesk takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR (and, where applicable, § 25(1) TTDSG / ePrivacy rules for the use of cookies and tracking technologies).

Storage period
The exact storage period of the processed data cannot be influenced by us but is determined by Flodesk, Inc. Further information can be found in the Flodesk privacy policy: https://flodesk.com/privacy-policy.

 

CDNJS (Content Delivery Network)

Type and scope of processing
We use CDNJS, a service provided by Cloudflare, Inc., as a Content Delivery Network (CDN) to ensure the proper and efficient delivery of the content on our website.

A CDN helps to deliver content of our online offering, especially files such as graphics or scripts, more quickly by using servers distributed regionally or internationally. When you access this content, a connection is established to servers of Cloudflare, Inc., and your IP address as well as browser data (such as your user agent) may be transmitted. These data are processed solely for the purposes mentioned above and to maintain the security and functionality of CDNJS.

Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, namely our interest in the secure and efficient provision as well as optimization of our online offering, pursuant to Art. 6(1)(f) GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Such transfers take place on the basis of an adequacy decision of the European Commission (Art. 45(1) GDPR), where applicable. Cloudflare, Inc. participates in the EU–US Data Privacy Framework (EU–US DPF), which provides an adequate level of protection for data transfers to certified US companies.

In cases where no adequacy decision exists (including for US companies not certified under the EU–US DPF), we have entered into appropriate safeguards with the recipients of the data pursuant to Art. 44 et seq. GDPR. These safeguards generally consist of the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021). A copy of these Standard Contractual Clauses is available here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914.

Furthermore, before such third-country transfers we may obtain your consent pursuant to Art. 49(1)(a) GDPR via our Consent Manager (or other forms/registrations). We inform you that such transfers may involve risks (e.g. processing of your data by public authorities in the third country, the exact scope and consequences of which are unknown to us and beyond our control).

Storage period
The exact storage period of the processed data is not determined by us, but by Cloudflare, Inc. Further details can be found in the Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/.

 

Typeform

Type and scope of processing
We have integrated Typeform on our website. Typeform is a service provided by Typeform S.L., which allows us to create online forms and surveys for our website.

Typeform is used to process the data you enter into forms, e.g. when contacting us via a contact form or when signing up for a newsletter. The information provided may be stored in our Customer Relationship Management (CRM) system.
In this case, your data is transferred to the operator of Typeform, Typeform S.L., Carrer de Bac de Roda, 163, local, 08018 Barcelona, Spain.

Purpose and legal basis
We process your data using Typeform for the purpose of handling your contact request and its administration in accordance with Art. 6(1)(b) GDPR.
The use of the service is also based on our legitimate interests, namely the optimization of our marketing activities and the improvement of our service quality, pursuant to Art. 6(1)(f) GDPR.

Storage period
The exact storage period of the processed data is not determined by us but by Typeform S.L. Further details can be found in Typeform’s privacy policy: https://admin.typeform.com/to/dwk6gt/.

 

Vimeo Video

Type and scope of processing
We have integrated Vimeo videos on our website. Vimeo is a service provided by Vimeo, LLC, which allows users to upload, share, and stream video content as well as access detailed statistics.
Vimeo enables us to embed video content directly into our website.

When you access such content, a connection is established to servers of Vimeo, LLC, 555 W 18th St, New York, NY 10011, USA. Your IP address and browser data (e.g. user agent) may be transmitted in this process. Vimeo uses cookies and similar technologies to evaluate user behavior, recognize returning users, and create user profiles. This information is also used to analyze activity and generate reports.

Purpose and legal basis
The use of Vimeo is based on your consent pursuant to Art. 6(1)(a) GDPR and, where applicable, § 25(1) TTDSG (for setting cookies or similar technologies).

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Such transfers are made on the basis of an adequacy decision of the European Commission (Art. 45(1) GDPR). Vimeo, LLC participates in the EU–US Data Privacy Framework (EU–US DPF), which provides an adequate level of protection for certified US companies.

Where no adequacy decision exists (including for US companies not certified under the EU–US DPF), we rely on other appropriate safeguards pursuant to Art. 44 et seq. GDPR. These usually consist of the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021). A copy of these Standard Contractual Clauses can be accessed here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914.

In addition, before such third-country transfers we may obtain your consent pursuant to Art. 49(1)(a) GDPR via our Consent Manager (or other forms/registrations). Please note that such transfers may involve risks (e.g. data processing by public authorities in the third country, the exact scope and consequences of which are unknown to us and beyond our control).

Storage period
The exact storage period of the processed data is determined by Vimeo, LLC and is not within our control. Further details can be found in Vimeo’s privacy policy: https://vimeo.com/privacy.