Privacy Policy for the ESTIAGO Social Media Platform
1. Introduction
We take the protection of your personal data very seriously. This Privacy Policy explains how we collect, use, and protect your personal data when you use the ESTIAGO platform, including its mobile apps and associated web services.
This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The responsible party (data controller) under data protection law is:
Ramón Enríquez Schäfer
Kehler Weg 31
69126 Heidelberg
Germany
+491511 2468 888
Ramon.enriquez.schaefer@gmail.com
[Data Protection Officer, if applicable]
3. What Data We Collect
We may collect and process the following categories of personal data:
Registration data:Name, email address, password
Profile dataFamily relationships, birth and death dates (including for deceased individuals), profile photos
Uploaded content:Photos, texts, documents, and other user-generated data
Usage data:Login times, interactions, sharing activities
Communication data:Messages, comments, posts
Payment data: If you subscribe to a paid plan
4. Purpose and Legal Basis of Data Processing
The responsible party (data controller) under data protection law is:
Purpose
Platform functionality and user communication
User-generated content management
Compliance with legal obligations
Platform security and misuse prevention
Payment processing
Legal Basis
Art. 6(1)(b) GDPR (performance of a contract)
Art. 6(1)(a) and (b) GDPR (consent and contract)
Art. 6(1)(c) GDPR
Art. 6(1)(f) GDPR (legitimate interests)
Art. 6(1)(b) GDPR
5. Special Note on Deceased Persons' Profiles
While data protection laws (including GDPR) do not apply to deceased persons, ESTIAGO treats such profiles with the utmost respect. Only close relatives are allowed to create and maintain these profiles. Users are responsible for ensuring that sensitive information is shared respectfully and lawfully.
6. Sharing Your Data
We do not sell or rent your data. Data may be shared with third parties only where necessary:
For technical operations (e.g., hosting providers)
For payment processing
To comply with legal obligations
With your explicit consent
If data is transferred outside the EU/EEA, we ensure appropriate safeguards under Art. 44–49 GDPR, such as Standard Contractual Clauses (SCCs).
7. Data Retention
We retain personal data only as long as necessary for the stated purposes or to comply with legal retention periods. Upon account deletion, data will be erased within 30 days unless otherwise required by law.
8. Your Rights
You have the following rights under GDPR:
Right to access your data (Art. 15 GDPR)
Right to rectify incorrect data (Art. 16 GDPR)
Right to erasure ("right to be forgotten") (Art. 17 GDPR)
Right to restrict processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to withdraw consent at any time (Art. 7(3) GDPR)
To exercise your rights, please contact: [Insert contact email]
If you believe your rights have been violated, you may lodge a complaint with the relevant supervisory authority.
9. Data Security
We use industry-standard technical and organizational measures (TOMs) to protect your data from loss, misuse, and unauthorized access. All communication is encrypted using TLS/SSL protocols.
10. Children's Privacy
ESTIAGO is intended for users aged 16 and above. Users under 16 may use the platform only with verifiable parental or guardian consent.
11. Cookies and Tracking Technologies
[If web-based usage includes cookies:]
Our website uses only essential cookies for technical functionality. No analytics or tracking cookies are used without your consent. You can manage your cookie preferences via the cookie banner.
12. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy as needed. Any changes will be communicated clearly via the platform. The current version is always available in the app or on the website.
Effective date:08.04.2025