Privacy Policy

Last updated: March 25, 2026

Version 1.0.0

Scope: matbakh.app

§ 1 Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is: Rabieb Al Khatib, Ridlerstraße 29F, 80339 Munich, Germany, email: mail(at)matbakh(dot)app.

For any questions regarding data protection, you may contact us at any time by email.

§ 2 Data Collected

(1) When using our service, we collect the following personal data: email address (during registration and login), business data (business name, category, location, website), and technical data (IP address, browser type, access times).

(2) As part of the visibility analysis, publicly available business data from third-party platforms (in particular Google Business Profile) is processed.

(3) When using the contact form, the data you enter (name, email address, message) is processed.

§ 3 Purposes and Legal Bases

(1) We process your data for the following purposes: provision and performance of the service (legal basis: Art. 6(1)(b) GDPR — contract performance), conducting AI-powered visibility analysis (legal basis: Art. 6(1)(b) GDPR — contract performance), sending confirmation emails as part of the double opt-in process (legal basis: Art. 6(1)(a) GDPR — consent).

(2) Web analytics via Google Analytics is performed only with your explicit consent (legal basis: Art. 6(1)(a) GDPR — consent, § 25(1) TTDSG).

(3) Processing of technical data to ensure system security is based on our legitimate interest (legal basis: Art. 6(1)(f) GDPR).

§ 4 AI-Powered Processing

(1) The visibility analysis is performed using Artificial Intelligence (AI). AI processing is carried out via the AWS Bedrock service (Amazon Web Services) in the EU region (Frankfurt, eu-central-1).

(2) Only business data (business name, category, location) is transmitted to the AI service. Email addresses are not transmitted to the AI service.

(3) AI-generated results are automatically generated assessments. No profiling of natural persons within the meaning of Art. 4(4) GDPR takes place. The analysis relates to the digital visibility of a business, not to personal characteristics of the user.

§ 5 Processors and Recipients

(1) We use the following processors: Amazon Web Services (AWS) — hosting, database, email delivery, AI processing. All AWS services operate in the EU region (Frankfurt, eu-central-1).

(2) Google Ireland Limited — web analytics (Google Analytics 4). Processing occurs only with your consent. Google Consent Mode v2 is implemented; without your consent, no analytics data is transmitted to Google.

(3) Your personal data is not shared with any other third parties unless we are legally required to do so.

§ 6 Data Transfers to Third Countries

(1) All data processing within the service takes place on servers within the European Union (AWS Region eu-central-1, Frankfurt am Main).

(2) When using Google Analytics, data may be transferred to Google servers in the United States. This transfer occurs only with your explicit consent and on the basis of the EU-US Data Privacy Framework or Standard Contractual Clauses (Art. 46(2)(c) GDPR).

(3) Without your consent to web analytics, no data is transferred to third countries.

§ 7 Cookies and Storage Technologies

(1) We use technically necessary storage technologies (localStorage) to provide the service. This storage is required for the functionality of the service and is based on § 25(2) TTDSG.

(2) Analytics cookies (Google Analytics) are only set with your explicit consent. You may withdraw your consent at any time.

(3) On your first visit to our website, you will be informed about the use of cookies via a cookie banner and asked for your consent.

§ 8 Retention Period

(1) Your personal data is stored only for as long as necessary to fulfill the processing purposes or as required by statutory retention obligations.

(2) Account data (email address, authentication data) is stored for the duration of your use of the service and deleted after account deletion.

(3) Visibility analysis data is stored for the duration of the provision of the analysis result.

(4) Session data stored in the browser (localStorage) remains until manually deleted by the user or until browser data is cleared.

§ 9 Your Rights

You have the following rights regarding your personal data: right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR).

To exercise your rights, please contact us by email at: mail(at)matbakh(dot)app.

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

§ 10 Withdrawal of Consent

(1) Where the processing of your data is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

(2) You may withdraw your consent to web analytics via the cookie settings on our website.

(3) You may withdraw other consents by email to mail(at)matbakh(dot)app.

§ 11 Changes to This Privacy Policy

We reserve the right to update this privacy policy as needed to reflect changes in the legal framework or changes to the service. The current version is always available on our website at matbakh.app/datenschutz.