We are very pleased about your interest in our company. Data protection has a particularly high priority at heynannyly. Every user should always be informed about which personal data (hereinafter "data
") heynannyly processes.
Please never hesitate to contact us if anything is unclear. Data protection case law and decision-making practice is always developing dynamically and we always try to keep up with it. However, should we unexpectedly run into an "issue", please do not hesitate to contact us via the contact details provided by the data protection responsible, in particular via firstname.lastname@example.org. We will then take care of your concern immediately.
The term "user
" is to be understood broadly in the following. It includes parents who register with heynannyly as well as nannies and pure visitors to our site who do not register. The term is also to be understood as gender-neutral.
This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our online offer. The data protection declaration applies irrespective of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.
We process data strictly in compliance with the relevant data protection regulations. That's kind of obvious, but it's also a matter of course for us. Because your data is important to us.
In other words, this means that the data is only processed with legal permission. In addition, we inform you below about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.
With regard to the processing of personal data on the basis of the Data Protection Regulation (DSGVO), we would like to point out that the legal basis for consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b DSGVO, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f DSGVO. .Person responsible
Responsible for the data processing of this website in the sense of Art. 4 No. 7 DSGVO is:
Am Galgenberg 21
registration number: HRB 19498
managing directors: Anna Schneider & Julia Kahle
telephone: +49 175 1156455
Data subject rights
In accordance with Art. 15 DSGVO, you have the right to request information about the data we have processed about you.In addition, you can object to the processing of your data at any time, insofar as the requirements of Art. 21 DSGVO are met, and revoke any consent you may have given to the processing of the data at any time.
If the consent to data processing is revoked or the use of the data is objected to, this does not affect the lawfulness of the data processing until the time of the revocation or objection.
Furthermore, you can have the data processed by us corrected, restricted or deleted at any time. We expressly point out that there may be legal obligations - such as storage obligations - to continue to store data. We will be happy to inform you in individual cases. In this case, the data can only be restricted.
You also have the right to data portability according to Art. 20 DSGVO as well as the right to complain to a supervisory authority according to Art. 77 DSGVO. If you have any questions, please contact email@example.com
We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data we process against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.
The security measures include in particular the encrypted transmission of data between your browser and our server.
Data processing for mere use of the website
Without internet protocol addresses, or "IP addresses" for short, the internet would not function - to put it very simply. In computer networks, an IP address is an address that can be used to address and reach web servers and/or individual end devices. Without an IP address, the web server and the end devices cannot communicate - and thus cannot display anything.
The web server on which the heynannyly platform is hosted is therefore "pinged" by you, so to speak. In order to provide you with the data, the web server must know your IP address. Consequently, the web server must also save your IP address at the moment of the data request. For this purpose, the web server receives information about which website or file was accessed, which browser and which operating system was used. This is called a log file. Normally, this data is stored in the log files for a long time.
We store the IP addresses and the log files for 60 days in order to quickly detect brutforce attacks and other manipulations and to be able to take countermeasures.
The legal basis for this data processing is Art. 6 para. 1 lit. b DSGVO, as we need your IP address and the other automatically transmitted data mentioned here in order to be able to transmit the website and the information contained therein to you. Further storage for the purpose of technical support of our IT security is based on Art. 6 lit. f as we have a legitimate interest in protecting our services from attacks and manipulation.
Yes, even heynannyly has to tell you something about the best-known biscuits among data protection lawyers. Cookies are small text files that are stored on the computer by websites in order to make the site usable at all, for example, by storing the status of a shopping basket for a session or by specifying that no cookies may be stored (so-called necessary cookies), orto define the user's preferences in the long term or to be able to personalise content (so-called preference cookies)or to enable the analysis of the use of the website (so-called statistics cookies) or to be able to hand over information on users to third parties (so-called marketing cookies).
According to the Data Protection Conference, cookies may only be set without consent if they are technically necessary for the operation of the site. Of course, we adhere to this.
When you visit our website for the first time, a cookie banner is displayed. You can use this cookie banner to decide which cookies you accept.
By the way: You can prevent any installation of cookies by preventing the installation of cookies through a corresponding setting in the browser software (to be found under "Settings" in most browsers); however, it should be noted that in this case not all functions can be used to their full extent.Furthermore, cookies that have already been set can also be deleted (also found under "Settings" in the browser).
The heynannyly platform has no memory per se. Each call to a (sub-)page is counted as a new visit. This is unfortunate if you - like you as a user - want to log in to the heynannyly platform again. We hope so too, because we want to offer you an easy service that you like to use.
Therefore we use session cookies. This cookie is used to assign a so-called user ID, so that we or the technology can (re-)recognise that it is you. This cookie is stored persistently, i.e. long-term, in order to make working with the application more comfortable for you. However, no personal data is processed with this cookie itself.
The Sentry cookie is a persistent cookie. The cookie and the associated data processing are based on Art. 6 para. 1 lit. f DSGVO. heynannyly has a legitimate interest in using tools that can quickly detect errors in the technical process. We assume that this is also in your interest and the interest of all users.
Furthermore, the tracking service Universal Analytics (formerly: Google Analytics) is integrated on heynannyly. Universal Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google
Universal Analytics is a web analysis tool that helps to analyse the interaction of visitors with the online platform and thus to further improve the online platform. For this purpose, several cookies are set by Google. These cookies allow the processing of the following data:
● browser type,
● the operating system used,
● the IP address (shortened)
● time of the server request
● user IDs
The information usable by the cookie about the use of this website is generally transmitted to a Google server in the USA and stored there.
However, we have activated IP anonymisation on our online platform. Due to this, the IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On our behalf, Google will use the above information for the purpose of evaluating your use of the website, compiling reports on the use of the heynannyly platform and providing other services relating to website activity to the website operator. The IP address transmitted by your browser as part of Universal Analytics will not be merged with other Google data.
Google uses the user ID to create a specific user profile about you. If registered users log in via several devices, we can recognise from this user ID with the help of Google Analytics that it is you who has logged in with the devices (so-called cross-device tracking). This information is passed on to Google by means of a random ID.
For this form of tracking, we obtain your specific consent in accordance with the opinion of the DSK. This is because you yourself determine whether we may set cookies for statistical purposes. If you deny this, no cookies will be set.
This form of data processing is therefore based on Art. 6 I a) in conjunction with Art. 7 DSGVO.
Google is also bound to us under data protection law via an order processing agreement.
In addition, you can prevent the collection of the data generated by the cookie and related to the use of the website (incl. the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Hosting Webflow CDN
This website is hosted on Webflow's Content Delivery Network (CDN). This is a service provided by Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, California, 94103.
The Webflow CDN makes duplicates of a website's data available on various Webflow servers distributed around the world. This results in faster website loading times, higher reliability, protection against brute force attacks and increased protection against data loss. A large part of the elements and the source code of this website are retrieved from the Webflow CDN when the page is called up. Through this retrieval, your IP address is transferred anonymously to Webflow servers in other EU countries and stored there for 24 hours. This anonymised storage for 24 hours serves as protection against brute force attacks.
The use of the Webflow CDN is in the interest of higher website reliability, increased protection against data loss, protection against brute force attacks and better loading speed of this website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
This website uses the Cloudfront Content Delivery Network (CDN). This is a service provided by Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN makes duplicates of a website's data available on various Amazon Web Services (AWS) servers distributed around the world. This provides faster website load times, increased resilience and increased protection against data loss.
Some of the images and videos embedded on this website are retrieved from Cloudfront CDN when the page is accessed. Through this retrieval, information about your use of our website (such as your IP address) is transmitted to Amazon servers in other EU countries and stored there. This happens as soon as you enter our website.
The use of Amazon Web Services and the Amazon CDN Cloudfront is in the interest of higher website reliability, increased protection against data loss and better loading speed of this website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. You can find out more about the data protection measures of Amazon Web Services at: https://aws.amazon.com/de/compliance/gdpr-center/.
If you sign up for our newsletter, we will of course need your email address to send you the newsletter. With the newsletter, we inform you about what is going on at heynannyly, e.g. in which cities heynannyly is available.
The legal basis for sending the newsletter is Art. 6 para. 1 lit. a DSGVO. You can revoke your consent to receive the newsletter at any time with effect for the future. To do so, you simply need to inform us of your revocation or click on the unsubscribe link contained in each newsletter. We obtain your consent as part of the double opt-in process. In this process, you first register for our newsletter and then receive an e-mail with a reference to this information on data processing and a confirmation link. Only after you have clicked on the confirmation link do we include you in the newsletter distribution list. We do this to ensure that you have actually registered your e-mail address with us and are therefore also interested in heynannyly.
For the aforementioned verification purposes, we log your registration for the newsletter, for this purpose we store the registration and confirmation time as well as your complete IP address at the time of registration or confirmation. We process this data on the basis of Art. 6 Para. 1 lit. f DSGVO, as we have a legitimate interest in proof of registration by you in the event of any legal disputes. Furthermore, we would like to inform you that we use the newsletter service Mailchimp of the Rocket Science Group LLC. for the purpose of sending our newsletter. Rocket Science Group LLC (675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA) is a US company. As a result, your data will be processed in the USA.
If you do not give the above-mentioned consent or do not want data to be transferred to the USA in the aforementioned context, we unfortunately cannot offer you the newsletter. These are initially data such as IP address, date, time and visited page. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the user's specific visit to the user's personal account. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and possibly published. If the user wants to prevent the collected information from being directly assigned to his/her user account, he/she must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
heynannyly also runs a Facebook Fanpage. This is to draw attention to the offer of heynannyly. In June 2018, the European Court of Justice ruled that page operators of a Facebook fan page, i.e. heynannyly and Facebook, are jointly responsible under data protection law within the meaning of Article 26 of the GDPR.
The joint controllers are therefore (i) Facebook and (ii) heynannyly. For the division of tasks between Facebook and heynannyly under data protection law, see the following paragraphs and the supplement published by Facebook: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook creates various anonymous statistical data on a Facebook fan page in the form of so-called page insights (more on page insights can be found here: https://www.facebook.com/business/pages/manage#page_insights
As the operator of the fan page, we have no influence on the generation, presentation and processing of the insights data. We do not receive an allocation of individual data records to specific users. However, this data is generated by Facebook with the help of so-called cookies. We can only set certain parameters as to which data is collected from which target groups. You can find out which information is used by Facebook in the "Information on Page Insights Data" provided by Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data
The operation of the Facebook fan page and the processing of your personal data is based on the exercise of legitimate interests (Art. 6 para. 1 lit. f DSGVO).
In this case, Facebook is responsible for the assertion of data subject rights. This results from the following statement: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook has undertaken to assume responsibility in this. "Facebook Ireland agrees to assume primary responsibility under the GDPR for the processing of Insights Data and to comply with all obligations under the GDPR with respect to the processing of Insights Data (including but not limited to Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR and Articles 32 to 34 of the GDPR).(...)." Therefore, please contact Facebook directly in this regard.
On this website you can find out more about your rights and how you can exercise them: https://www.facebook.com/legal/terms/information_about_page_insights_data
Kommunikation via WhatsApp
You have the option to contact us via the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. In the process, we process the following personal data, for example: First and last name, profile picture and messages/pictures that you send to us via WhatsApp.
As an alternative communication channel to WhatsApp, you can also contact us via our contact form.
If you contact us via WhatsApp, the legal basis is your consent according to Art. 6 para. lit. a DSGVO. You can revoke your consent to storage at any time. Mandatory legal provisions - in particular retention periods - remain unaffected.Contact form
When contacting heynannyly via the contact form, the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b DSGVO.
Other communication services (Zendesk, Twilio)
We use online communication services from third-party providers via which you can communicate with us by video, chat or similar.
Depending on the communication service, data of the following types may be processed and stored on the servers of the third-party provider:
● access data and participant data such as first name, last name, telephone (optional), email address, profile picture (optional).
● meeting metadata: Duration of the meeting; start and end (time) of participation of persons, name and description of the meeting, scheduled date / time of the meeting, chat status, IP addresses of the end devices used for participation as well as other device/hardware information (MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or loudspeaker, type of connection, etc.)
● in the case of dial-up with the telephone: information on the incoming and outgoing call number, country name, start and end time and other information shared during the use of the service, possibly other connection data such as the IP address of the device
● audio and video data if you share your terminal's microphone or camera, and possibly text data about chat, question or poll functions.
Depending on the communication service, the contents of the communication may be encrypted. The legal basis for processing personal data from you that we collect via the communication services is your consent pursuant to Art. 6 para. 1 lit. a DSGVO (e.g. in the recording of a video conference), the performance of the contract pursuant to Art. 6 para. 1 lit. b DSGVO (insofar as the communication takes place for the performance of the contract or for the performance of pre-contractual measures that take place at your request) and/or our legitimate interests in communication in an appropriate manner (Art. 6 para. 1 lit. f DSGVO).
Online communication services used are:
● Twilio, San Francisco (HQ), CA, United States, 375 Beale St #300, San Francisco.
● Zendesk GmbH c/o TaylorWessing, Neue Schönhauser Str. 3-5, 10178 Berlin, Germany
heynannyly uses the tool Firebase, an analysis and monitoring tool, on the website. The service provider is Google. For the European area, the company Google Ireland Limited (Google Building Gordon House, Barrow St, Dublin 4, Ireland) is responsible for all services.
Google also processes your data in the USA, among other places. We would like to point out that according to the ECJ, there is currently no adequate level of protection for data transfer to the USA. The basis for data processing is therefore the standard contractual clauses, which are intended to ensure that your data comply with European data protection regulations even if they are transferred to third countries (e.g. the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing the data, even if the data is stored or processed in the USA. The basis for the standard contractual clauses is in turn an implementing decision of the EU Commission.
Github also processes data from you in the USA, among other places. We would like to point out that according to the ECJ, there is currently no adequate level of protection for data transfer to the USA. The basis for data processing is therefore the standard contractual clauses, which are intended to ensure that your data comply with European data protection regulations even if they are transferred to third countries (for example, the USA) and stored there.
Through these clauses, Google undertakes to comply with the European level of data protection when processing the data, even if the data is stored or processed in the USA. The basis for the standard contractual clauses is in turn an implementing decision of the EU Commission.
TikTok is a video portal. It is used to lip-sync music videos and other short video clips. TikTok is operated by the Chinese company ByteDance.
The legal basis for the use is Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time and object to processing based on a balance of interests in accordance with Art. 21 DSGVO.
If you have given us consent, TikTok will use your data to show you personalised advertising.
TikTok processes your data for various purposes, including to provide its services, to notify users of changes to the services, to provide support to users, to allow users to share user content with other users, to develop new services or to comply with legal obligations.
Duration of storage TikTok retains data for as long as necessary to provide the service to users, to fulfil its contractual obligations and to exercise its rights in relation to the information concerned. When a user requests TikTok to delete their account, the account will initially be deactivated for a few weeks. Subsequently, the account will be deleted. At the same time, the user's personal data relating to the in-app messaging function will also be deleted. Messages that you have sent to other users of the TikTok service will remain stored on their devices.
Within our online offer, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) f) DSGVO) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offer, as well as being linked to such information from other sources.
12.2 The following presentation provides an overview of third-party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in part already mentioned here, possibilities of objection (so-called opt-out):
● Videos from the "Vimeo" platform: Data from your browser or end device is transmitted to the Vimeo server. It is also transmitted which website you have visited. However, this information is not directly attributable to you unless you have registered with Vimeo or other Google services in advance. The Vimeo content is displayed in "extended data protection mode". This mode is offered by Vimeo. In this mode, Vimeo ensures that it does not store any cookies on your device. For the use of data from your browser or terminal device in connection with the playing of a video, we refer to the data protection information of the provider: Vimeo, LLC, 555 West 18th Street, New York 1
Data processing for registered users
When registering nannies, they are obliged to provide the first name, surname, address, date of birth, information on whether the nanny is self-employed or is to be employed by the user as part of a marginal employment.
The legal basis for the collection of data is Art. 6 para. 1 lit. b DSGVO.
, to which heynannyly assigns its payment claim. Stripe collects the invoice amount from the user's specified account. In the event of assignment, payment can only be made to Stripe with debt-discharging effect.
By participating in the competition, you expressly agree that heynannyly may use and store the data required for the implementation of the competition within the framework of data protection regulations until the end of the competition.
The legal basis is Art. 6 para. 1 lit. a DSGVO.
The purpose of the data collection is the implementation of a competition. The data will be deleted within six months after the end of the competition.
Duration of processing / deletion periods
Nothing is forever. That's exactly how it should be with the data we process from you.
Deletion periods for IP addresses, log files and session cookies
The IP address and the data in the log files are only temporarily stored in the web server log files to establish the connection and are then stored for 60 days for the purpose of detecting attacks and manipulation and then immediately deleted.
As shown, persistent cookies are used. However, these do not store any personal data and can be deleted by you at any time. (under "Settings" in the browser).
Deletion periods in the context of newsletter subscriptions
We use your email address for the purpose of sending you emails until you no longer want to receive heynannyly or your kids are too old, for example (why else would you unsubscribe 😊) and you unsubscribe from our newsletter.
After you unsubscribe, we delete your email address from the newsletter email distribution list. Deletion periods for customer data with regard to business processing
Customer data - regardless of the service for which it is processed - is stored for up to 10 years in accordance with the statutory retention periods from § 257 para. 4 HGB, § 147 para. 3 AO and then deleted. The period begins with the end of the calendar year in which the respective data was collected.
If a contractual relationship is terminated before the end of the period, the customer data shall be limited to the purposes of retention in accordance with Art. 18 DSGVO and the data shall be deleted upon expiry of the period. The above does not apply if the contractual relationship lasts for a period of 10 years, in which case data relating to the contractual relationship and which are necessary for further optimal support of the customer may continue to be processed until the end of the customer relationship.
Deletion periods regarding user profiles
We are aware that the nannies are not needed by you every day. Even if we are there for you 24/7. Since we want to be economical with the data and do not want to accumulate "data corpses" in the basement, we also delete the user profiles after a longer period of inactivity.
If you do not log in to heynannyly for 6 months, we will delete your user profile. Before we do this, we will send you an email with the notice that your account with all data will be deleted four weeks after sending the email. If you do not want this, please contact us accordingly.
Deletion periods regarding contact requests
If you have sent us a contact enquiry via the contact form, but have not subsequently registered, we will also delete your data after 6 months.
Changes to data protection declaration
We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing.
Insofar as user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
Users are requested to inform themselves regularly about the content of the data protection declaration.