Privacy Policy
YAY is a web app that lets you subscribe to an online journal, offer it as a gift, and print it as a photo book with text.
By using the online diary, you entrust your data to us at YAY. We protect it according to the latest standards, with daily backups, and in compliance with the General Data Protection Regulation (GDPR).
Responsible for YAY and this privacy policy
YAY
Owner: Philipp Scheit
OT Sibstin
Dorfstr. 12 f
D-23720 Altenkrempe
E: info@yaymemories.com
T: +49 174 6004263
VAT number: DE280778214
Imprint
First things first
You own the copyright to all your personal data. You alone decide who is allowed to see it.
Data security at YAY stands for the following directives:
the rights to your text, image, and video data remain exclusively with you (unlike Meta/Facebook, for example)
no other customer or person can see your online journal unless you make your password available to other people
we will never publish any of your data
we do not use it to advertise, because YAY is financed through subscriptions
we never use your data to create a profile of you
you can get an export of the data you uploaded to our platform at any time
we will irrevocably delete your account if you wish
We use marketing tools to optimize our website, but not for your private, password-protected online journal.
Unless we are legally obliged to do so (see below), we do not pass on any data to third parties. We have concluded an order data processing contract (German abbreviation: ADV) with the third-party providers with whom we work for the collection, processing, or use of personal data by the service provider. These include service providers for sending emails, hosting services, fulfillment partners, printing partners, communication tools such as chats and analysis services.
In our privacy policy we clarify:
which data we collect (type of data)
which persons are affected (category of affected persons)
to what extent and for what purpose we collect the data
what we do with the data
The data protection declaration refers to our website https://www.yaymemories.com, the private online journals we provide and the external online presences associated with our online offer, such as our social media profiles on Facebook, Instagram, Twitter and Pinterest (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "processing" or "responsible", we refer to the definitions in Art. 4 of the GDPR.
1. Data We Collect
We collect data that you actively provide to us and data that helps us improve the functionality of our service for you. Stored data is processed solely for our own presentation and not used for advertising purposes.
Below, we define: I. Types of data processed, II. Categories of data subjects within the meaning of the GDPR, III. Purpose of processing, and IV. Terms used.
I. Types of Data We Collect:
a) Customer data
When you start a trial (the free 30-day trial period), we ask for your name and email address. When you order a paid subscription (monthly or annual subscription), we request the following inventory and contact information: first and last name, email address, and home address (optional: telephone number).
We need this data to:
manage your user account,
contact you with questions and information,
send you your ordered photo books via our printing partners,
properly invoice you for the purchased product (Stork Package, annual/monthly subscription, photo book, photo products) – or possibly several of these products,
communicate payment requests if necessary.
We send invoices for the purchase of our products online via our payment provider (see list of subcontractors). For legal reasons, your address must be included on the invoice. We send reminders by email and mail.
Payment data (e.g., bank details, payment history) are requested from our payment provider and processed by them.
b) Website visits
When you visit our website https://www.yaymemories.com, we collect:
Usage data
Meta/communication data: This includes device-related information such as browser type, browser version, operating system, IP address, access times (details in the section: Analysis tools for the website).
c) Memories (Content of your online journal and photo book)
You can enter text, save photos, images, and embed videos (memories) in your YAY online diary, and print photo products from them. We save these memories for you.
The data of your online journal is not publicly visible. Only the people to whom you send the admin or reading password together with your blog link can read your content. Only you, or those with whom you share your user data (username and password for your personal editing area), such as your partner, can edit your content data (see also the section: Data Security).
We only store content data for the purpose of making it available to you as part of our service.
II. Types of Persons Concerned
Customers who use or have used the YAY online diary and photo book printing service, whether on a trial or paid subscription (customer or user are used interchangeably here).
Persons visible in photos and videos uploaded by customers.
Parties interested in lead magnets (who download eBooks on photography and diary writing as freebies and enter their email address into the corresponding funnel).
Visitors to our website www.yaymemories.com
III. Purpose of Processing
Provision of the online service, its functions, and content
Responding to contact inquiries and communicating with users
Security measures
Analyses of impressions and website usage
Marketing measures, especially email marketing
Lead generation, especially through the provision of freebies such as eBooks, e.g., on photography
Shipping of photo books via printing partners
IV. Terms
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who is identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" is any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term is broad and encompasses practically every handling of data.
The "responsible person" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
2. Data Security
We strive to protect YAY and our users from unauthorized access to or unauthorized modification, disclosure or destruction of data. The security measures taken include:
We store your photos and texts separately from other customer data. Each user's data is stored in a separate database.
We perform daily backups to minimize the risk of data loss.
If you would also like to store your data on your own hard drive, we can export your data upon request.
Your online journal is not indexed by search engines such as Google. This means it cannot be found online by entering search terms into search engines such as Google.
Your admin space (where you can, for example, write journal entries and change settings) is protected by a password. You will receive this password when you start a trial subscription. Additionally, you can create a reading password in your personal area settings so that no one you don't trust can read your online diary. We strongly recommend that you change your password regularly and avoid using passwords that are easy to guess.
All information between you and our server is transmitted encrypted (HTTPS/SSL) so that no one can intercept this data. This means that all photos and text you enter into your online diary are transmitted encrypted from your browser to our server.
We encrypt our services using SSL wherever possible.
We restrict access to personal data to YAY employees who absolutely need to know the data in order to process it for us.
We have elaborated a deletion policy that we will make available to you upon request.
We have prepared data protection documentation on confidentiality (Art. 32 Para. 1 lit. b EU GDPR) and integrity (Art. 32 Para. 1 lit. b EU GDPR), which we will make available to you upon request.
3. Relevant Legal Bases
The legal basis for data processing is the consent of the data subject to YAY's General Terms and Conditions. Consent is given by the data subject checking the box when ordering a subscription.
If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art Answering inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 Paragraph 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.
4. Risk Analyses
At YAY, we implement sophisticated measures according to the list above to the best of our knowledge to ensure that your data as a customer is secure and protected. Despite these security measures, it cannot be ruled out that customer data may be accidentally deleted and become irretrievable.
As with any online service, there is a risk of external hacking, which could result in customer data being deleted or made public (especially on the internet). This risk exists because not only does YAY itself have to protect data, but cooperation with subcontractors such as hosting service providers always carries a residual risk.
The loss of data is of a material nature. Customers must fear losing their memories stored with YAY or, in extreme cases, even inadvertently disclosing them. There is a risk of blackmail in the event of data leaks or theft.
Passwords for the online diaries are sent encrypted. The customer is responsible for not disclosing their password to unauthorized persons. This also applies if they set their own password.
Online diaries aren't indexed online and therefore can't be found by search engines. There's a theoretical risk of guessing customers' web addresses. However, password protection takes effect in this case. Using a password isn't optional.
5. Deletion of Data
The data we process will be deleted or restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to German legal requirements, data is retained for 6 years according to Section 257 (1) of the German Commercial Code (HGB) (commercial ledgers, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years according to Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
We delete online journals of users with a trial subscription who do not convert to a paid subscription after 60 days. There is no right to recovery. Online journals of customers with a paid subscription are deleted within 0-90 days after cancellation.
We delete communication with customers and the customer's data upon request from those affected. You can find further information on deletion periods in our Terms and Conditions. If you have any questions about how long we retain which data, please contact us and we will provide you with further information.
6. Collaboration with Third Parties
For our services, we work with various companies that are considered recipients of data under the GDPR. We have subcontracting relationships with these companies.
In Germany, these include subcontractors for web hosting, email delivery, and the printing of photo products.
We also work with companies from third countries, i.e., companies based in the rest of the EU, Switzerland, and the USA:
Printing services (EU and worldwide)
Print fulfillment services (EU)
Email delivery services (EU)
Sending service for passwords via SMS (USA)
Website analysis tools (USA)
Image backups (USA)
Communication tools (USA)
Payment providers (USA)
You can request a list of subcontractors by emailing us at info@yaymemories.com.
7. Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use to operate this online offering.
We process inventory data, contact data, content data, contract data, usage data, metadata, and communication data of customers, interested parties, and visitors to our online offering based on our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of an ADV).
Our Internet service provider is Netcup GmbH, based in Karlsruhe, Germany.
For image backups, we use the services of IDrive Inc., USA.
8. Collection of Access Data and Log Files
On the basis of our legitimate interests within the meaning of Article 6 Paragraph 1 lit server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, IP address, and the requesting provider.
Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
9. Cookie Policy
"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer.
Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be saved.
"Permanent" or "persistent" refers to cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which is used for range measurement or marketing purposes.
"Third-party cookies" are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, we speak of "first-party cookies").
We use temporary and permanent cookies. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in your browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies will lead to functional restrictions and functional failure of this online offer.
10. Storing Local Data
During the ordering process, the data of the order you started will be saved on your device. This means that the data from an order process that has started will be retained if you interrupt the order and visit the website again. The data of started (not shipped) orders are NOT transmitted to us, but only remain on your device (Local Storage).
11. Storing communication
When you call, email, or chat with us, we record the communication (e.g., Meta name and subject of your inquiry) so that we are aware of previous discussions the next time we contact you and can help resolve any issues if necessary. This is useful because otherwise only one member of our team would be aware of your inquiry, but someone else might respond the next time.
We process emails via the provider DomainFactory GmbH, Munich, support@df.eu.
We use WhatsApp, a chat messenger belonging to the Meta Group, USA.
We do not use plug-ins from so-called social media. The respective social media platforms and messenger apps still collect data (see the section on online presence).
Data transmission over the Internet (e.g., when communicating via email and chat) may have security gaps. Complete protection of data from access by third parties is not possible.
12. Providing Contractual Services
We process inventory data (e.g., names and addresses as well as contact details of users), and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6 (1) (b) GDPR. Entries marked as mandatory in online forms are required for the conclusion of the contract.
Data will be deleted after the expiration of statutory warranty and similar obligations. The necessity of retaining the data will be reviewed every three years; in the case of statutory archiving obligations, deletion will occur after their expiration. Information in any customer account will remain until it is deleted.
13. Ordering process
During the ordering process, you as the user will be provided with the required mandatory information. The data entered during registration will be used for the purposes of using the service. Users may be informed by email about information relevant to the service or registration, such as changes to the scope of the service or technical issues. If users cancel their user account, their data relating to the user account will be deleted, unless retention is required for commercial or tax law reasons in accordance with Art. 6 (1) (c) GDPR. It is your responsibility as the user to back up your data by exporting it upon termination before the end of the contract or at any time beforehand. We are entitled to irretrievably delete all user data stored during the term of the contract.
14. Embedding videos
We offer you the option of embedding videos in your private online diary via the "Vimeo" platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, New York 10011, USA, by pasting the Vimeo video link into a text box of a diary entry.
With Vimeo, you can upload password-protected videos and view them directly in your private online diary by embedding the link. Embedding videos will access Vimeo's servers for technical reasons. Vimeo uses cookies. For information on the use of data from your device and browser, please refer to Vimeo's privacy policy. You can learn more about Vimeo's privacy policy under Settings and Private Mode.
It is also possible to embed videos via Bunny.net, located at Dunajska cesta 165, 1000 Ljubljana, Slovenia. This option is only available after direct consultation with us. Bunny does not record any personal data by default. Further information can be found here: https://bunny.net/gdpr/
15. Newsletter
We send newsletters for marketing purposes. By subscribing to our newsletter, you agree to receive them and to the procedures described. You sign up for the newsletter using your email address and, so that we can address you personally, your (first) name.
Cancellation/Revocation
You can cancel your subscription to our newsletter at any time, i.e., revoke your consent. At the end of each newsletter, you will find an unsubscribe link. You can request deletion at any time.
Service Provider
YAY's newsletters, eBooks, and emails from the onboarding and other email funnels are sent via the shipping service provider Encharge Ltd, a newsletter distribution and marketing platform of Smel Nov Svyat EOOD, located at Sofia, Bulgaria. Email: support@encharge.io.
The email and marketing platform is used on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR and an ADV pursuant to Art. 28 (3) (1) GDPR. The email and marketing platform may use recipient data in pseudonymous form, i.e., without assignment to a user, to optimize or improve its own services, e.g., for the technical optimization of the delivery and presentation of newsletters or for statistical purposes. The delivery service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.
Performance Measurement
The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from the Encharge server when the newsletter is opened. During this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.
This information is used to technically improve the services based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is not our intention, nor that of our shipping service provider, to monitor individual users. Rather, the evaluations help us recognize the reading habits of our users and adapt our content to you or send different content based on the interests of our users.
16. Online presence in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
We process users' data if they send us private messages within the social networks and platforms.
We do not use social media plugins.
Accordingly, we do not use Facebook Pixel for our Facebook page (part of Meta). However, like other social media platforms, Facebook collects data from users who visit the respective fan page. For the use of data from your device and browser, please refer to Facebook's privacy policy and the associated statement. Facebook explains how it handles the GDPR under GDPR. If you would like to prevent Facebook from storing your data when you visit our fan page, please refrain from visiting it and interact with us in other ways.
17. Analysis tools for the website
For the YAY website, we use the PostHog service to best present our products and continuously improve our service. We do NOT use this or other data analysis services for the private, password-protected online diaries!
These features are offered by PostHog Inc, 965 Mission Street, San Francisco, CA 94103 USA. PostHog can record, play back, and temporarily store your behavior on our website. Storing this data is solely for the purpose of improving our service. You can find further information in PostHog's privacy policy.
If you wish to object to its use, you can do so under Privacy Settings. By rejecting the analysis tool, it will not be loaded or used on our website.
The data we process at PostHog EU is hosted on PostHog's German servers. PostHog’s EU service guarantees that data will be stored, managed and evaluated in accordance with European data protection law.
18. Rights of Persons concerned
You have the right to request confirmation of which data is being processed and to access this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request the completion of the data concerning you or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted immediately, or alternatively, to request that the processing of the data be restricted in accordance with Art. 18 GDPR.
You have the right to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
Right of Withdrawal
You have the right to withdraw consent granted in accordance with Art. 7 (3) GDPR with future effect.
Right of objection
You can object to the future processing of your data at any time in accordance with Art. 21 GDPR.
19. Disclaimer
This disclaimer applies to all our services and the processing of all data. In particular, this disclaimer refers to the fact that YAY cannot be held responsible if photos, photo books, and other photo products are deleted despite the precautionary and protective measures taken, are otherwise lost or stolen (e.g., due to a hacker attack), or are even published by hackers.
YAY is not liable for indirect, consequential, or atypical damages of any kind related to the images or photo products. YAY is not liable for compensation for lost profits, lost use, or the loss of intangible assets.
20. Changes to our Privacy Policy
Our Privacy Policy may change from time to time. We will publish any changes to this Privacy Policy on this page. We will not restrict your rights under this Privacy Policy without your express consent. If the changes are material, we will notify you by email. We will also keep older versions of this Privacy Policy in an archive for your convenience.
Further information
Do you have any questions? Send us an email: info@yaymemories.com
This Privacy Policy was created using Datenschutz-Generator.de by attorney Dr. Thomas Schwenke. We have adapted it and added some wording for better comprehensibility.