top of page

Privacy Policy

Data Protection & Information Obligations under the GDPR
Status: February 2026 (subject to change)

​

Introduction

We (“we”, “us”, “our”) take the protection of the data of users (“users” or “you”) of our website and/or our mobile app (the “website” and the “mobile app”) very seriously and are committed to protecting the information that users provide to us in connection with the use of our website and/or mobile app (together: “digital assets”). Furthermore, we are committed to protecting and using your data in accordance with applicable law.

​

This privacy policy explains our practices regarding the collection, use, and disclosure of your data through the use of our digital assets (the “services”) when you access the services via your devices.

​

Please read this privacy policy carefully and make sure you fully understand our practices regarding your data before using our services. If you have read this policy, fully understood it, and do not agree with our practices, you must stop using our digital assets and services. By using our services, you acknowledge the terms of this privacy policy. Continued use of the services constitutes your consent to this privacy policy and any amendments to it.

​

In this privacy policy, you will learn:

  • What data we collect

  • How we collect data

  • Why we collect this data

  • With whom we share the data

  • Which data is stored

  • How long the data is retained

  • How we protect the data

  • How we handle minors

  • Updates or changes to the privacy policy

​

What data do we collect?

Below is an overview of the data we may collect:

Non-identified and non-identifiable information that you provide during the registration or login process or that is collected through the use of our services (“non-personal data”). Non-personal data does not allow conclusions to be drawn about the individual from whom it was collected. The non-personal data we collect mainly consists of technical and aggregated usage information.

Individually identifiable information, meaning any information through which you can be identified or could reasonably be identified (“personal data”). Personal data collected through our services may include information requested from time to time such as names, email addresses, addresses, telephone numbers, IP addresses, and more. If we combine personal and non-personal data, we treat the combined data as personal data as long as it remains combined.

​

How do we collect data?

The main methods we use to collect data include:

  • We collect data when you use our services. When you visit our digital assets and use services, we may collect, record, and store usage, session, and related information.

  • We collect data that you provide directly to us, for example when you contact us via a communication channel (e.g., email with comments or feedback).

  • We may collect data from third-party sources as described below.

  • We collect data when you register for our services via third-party providers such as Facebook or Google.

​

Why do we collect this data?

We may use your data for the following purposes:

  • To provide and operate our services

  • To develop, customize, and improve our services

  • To respond to your feedback, inquiries, and requests and provide assistance

  • To analyze request and usage patterns

  • For internal statistical and research purposes

  • To improve data security and fraud prevention capabilities

  • To investigate violations and enforce our terms and policies and comply with applicable laws, regulations, or governmental orders

  • To send updates, news, promotional material, and other information related to our services (you may unsubscribe from marketing emails via the unsubscribe link)

​

With whom do we share this data?

We may share your data with service providers to operate our services (e.g., third-party hosting services, technical support providers).

We may also disclose your data under the following circumstances:

  • to investigate, detect, prevent, or take action against illegal activities or misconduct

  • to establish or exercise our rights of defense

  • to protect our rights, property, or safety and that of users or the public

  • in the event of a change of control (e.g., merger, acquisition, sale of assets)

  • to store or manage data through authorized third-party providers (e.g., cloud services)

  • to work with third parties to improve user experience

Non-personal data may be transferred or shared with third parties at our discretion.

​

Blog Use

Our services may enable social interaction (e.g., posting content, comments, or chatting). Any content you share publicly may be read, collected, and used by others. We advise against posting information you do not wish to make public. Content is shared at your own risk. Copies may remain accessible in cached or archived pages even after deletion.

​

Cookies and Similar Technologies

We use cookies, tags, and similar technologies to improve user experience and website performance. Cookies are text files stored on your device when visiting a website or using an app.

Third parties may use tracking technologies (cookies, scripts, analytics tools) to automatically collect data to improve navigation, optimize performance, personalize experiences, and support security and fraud prevention.

Marketing cookies allow tailored advertising on platforms such as Facebook or LinkedIn based on browsing behavior. Third-party advertising networks and analytics providers may use cookies, web beacons, Flash cookies, or similar technologies. These technologies are governed by the respective third party’s privacy policy.

You can configure your browser to refuse cookies or notify you before storing them. You can also delete cookies via browser settings or manage preferences via the cookie banner.

Newsletter & Email Marketing

You can subscribe to our newsletter to receive updates, offers, and relevant content. Distribution is handled via the integrated newsletter tool of Wix.com Ltd., which meets GDPR requirements and is recognized by the EU Commission as providing an adequate level of data protection.

​

When subscribing, we process:

  • Email address (required)

  • First and last name (optional)

  • IP address and registration timestamp (proof of consent)

  • Usage behavior (e.g., open rates, clicks)

​

Processing is based on consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time via the unsubscribe link or by contacting us. Data is deleted within 30 days after unsubscribing unless legal retention obligations apply.

​

Transactional Emails

We send transactional emails via Wix’s integrated email system as part of existing or former contractual relationships.

​

Processed data may include:

  • Email address

  • Name (optional)

  • IP address and registration timestamp

  • Usage behavior

​

These communications may include:

  • Order confirmations

  • invoices and payment information

  • service notifications

  • event updates

  • information about related offers

  • updates to terms or privacy policies

​

Which data is stored?

Non-personal data may be stored and processed worldwide by us or trusted partners.

Personal data is processed responsibly and in compliance with applicable law. If you provide personal data of others, you must ensure authorization and accuracy. Some data may be necessary to enter into or perform a contract.

Personal data may include:

  • Name and contact details

  • Registration information

  • Location data

  • Payment data

  • Interests and preferences

  • Newsletter registration details

​

How long is data retained?

We retain data only as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Incorrect or incomplete data may be corrected or deleted at any time.

How do we protect data?

Our hosting provider stores data on secure servers behind a firewall and provides HTTPS access. Payment processing complies with PCI-DSS standards (Visa, MasterCard, American Express).

Third-Party Event Platforms

External platforms may be used for event registration and ticketing (Art. 6(1)(b) GDPR). These providers may process contact, payment, and event interaction data.

​

Minors

Services are not intended for minors. We do not knowingly collect children’s data and may request proof of age.

Your Rights (EU Residents)

You may:

  • request confirmation of data processing

  • access personal data

  • request data portability

  • request correction

  • request deletion

  • object to processing

  • request restriction of processing

  • lodge a complaint with a supervisory authority

​

Cross-border data transfers may occur with appropriate safeguards.

​

Updates to the Privacy Policy

We may revise this policy periodically. Continued use of services after updates constitutes acceptance of changes.

​

Contact

Transparency and data protection are important to us.

Mag. Hengameh Mohsenzadeh Rabbani
Veitlissengasse 10/2/4
1130 Vienna


Email: hengameh@x-emotions.com
Mobile: +43 664 618 44 337
Sole proprietorship

Member of the Vienna Chamber of Commerce (UBIT)

​

​

bottom of page