Privacy Policy
1. Controller
Rabbit Marketing OÜ, Tornimäe tn 5, 10145 Tallinn, Estonia (registry code 17397243), represented by Bernd Mario Lorenz. Email: hello@vivamehr.com. vivamehr™ is a brand of Rabbit Marketing OÜ.
2. Principles
This website sets no tracking cookies, uses no analytics services and creates no user profiles. We only process the data required to operate the website and to answer your enquiries.
3. Hosting and server log files
This website is operated by a hosting provider in Germany. When you visit it, technically necessary connection data (IP address, date/time, page accessed, browser identifier) are processed in server log files to provide the website securely (Art. 6(1)(f) GDPR). The log files are deleted automatically after a short time.
4. Contact form and email
If you use the contact form, we process the data you provide (name, email address, message) exclusively to answer your enquiry (Art. 6(1)(b) or (f) GDPR). Your details are forwarded to us by email and are not stored permanently on the web server. To prevent abuse, the form uses an invisible check field, a submission time measurement and a short-lived, hashed IP counter (rate limit, stored for up to one hour).
5. Chat assistant (AI-supported website information)
On this website we offer a chat assistant that answers your questions based on the content we have approved.
Data processed: the question text you enter, a randomly generated session identifier (stored in your browser's local storage when the page loads; not a cookie), and technically necessary connection data (including your IP address, used solely to prevent abuse/overload and truncated/deleted promptly).
Usage log for quality assurance: question content and answer data are stored in an internal usage log so that we can review answer quality and improve the service. The log is not combined with other data, is not passed on to third parties and is deleted regularly. Please do not enter sensitive personal data in the chat.
Where processing takes place: the AI processing runs on our own hardware in Germany; your questions are not transmitted to any US AI model. The encrypted transport of chat messages runs through the content delivery network of Cloudflare, Inc. (USA); in the process, connection data (including IP addresses) are processed by Cloudflare. This transfer is based on the adequacy decision for the EU-US Data Privacy Framework (Cloudflare is certified there) and, where applicable, EU standard contractual clauses.
Legal basis is our legitimate interest in a service-oriented, functioning website (Art. 6(1)(f) GDPR). Important: the assistant is an automated tool; answers may contain errors and do not constitute a legally binding commitment, an offer or a contract.
Instant demo ("Test it with your website"): If you use the demo on the home page, we process the domain you enter and your demo questions. Our server fetches a few publicly accessible pages of the specified website (respecting robots.txt) and builds a temporary knowledge base from them, which is kept in memory only and deleted automatically after 15 minutes at the latest. Only publicly accessible content is processed. To prevent abuse we use a security question and a short-lived, hashed IP counter (rate limit, stored for up to one hour). Legal basis is Art. 6(1)(b) or (f) GDPR. Please only enter websites you are authorised to represent.
6. Online appointment booking
If you book an initial consultation via the calendar, we process the data you provide (name, email address and/or phone number, your request, the selected slot) to carry out the appointment (Art. 6(1)(b) GDPR). You receive a confirmation email with a cancellation link; the appointment is stored in our calendar. If you cancel via the link, the appointment note and calendar entry are deleted.
7. Recipients and third-country transfers
Your data are not passed on to third parties for advertising purposes. Processors (e.g. hosting) are bound by contract in accordance with Art. 28 GDPR. The AI processing itself takes place exclusively in Germany. For transporting chat messages we use Cloudflare, Inc. (USA) as a content delivery network — see section 5; to that extent, connection data are transferred to the USA on the basis of the EU-US Data Privacy Framework or EU standard contractual clauses (Art. 44 et seq. GDPR).
8. Storage period
We store personal data only for as long as necessary for the purposes stated or as required by statutory retention obligations (e.g. for business correspondence and invoices).
9. Your rights
You have the right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and the right to object to processing based on Art. 6(1)(f) GDPR (Art. 21). To exercise these rights, contact the controller named in section 1. You also have the right to lodge a complaint with a data protection supervisory authority.