Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

Mussie Haile
Guiding-Ventures
Lohmühlenstraße 65
12435 Berlin
Germany

Email: admin@guidingventures.com
Phone: +4917687053245

If you have any questions regarding this privacy policy or our data protection practices, please contact us using the details above.

2. Personal Data We Collect

We may collect and process the following types of personal data:

• Identity and Contact Data: Name, email address, phone number, and similar contact information, particularly when you fill out forms (e.g., on our Career Coach page).
• Account Data: If you create an account for our AI services, we collect your email address and a securely hashed password.
• Service Usage Data: Information you provide when using our services, such as CV content, job role information, or other details submitted to the AI Studio.
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
• Usage Data: Information about how you use our Website, products, and services, including pages visited and links clicked.
• Cookie Data: Information collected via cookies and similar technologies (see Section 5).

We collect data directly from you (e.g., when you fill forms or create an account) and automatically as you navigate the Website (e.g., technical data, usage data).

3. How We Use Your Personal Data and Legal Basis

We use your personal data for the following purposes and on the following legal bases:

• To provide and manage our services: (e.g., CV builder, AI Studio, Career Coach forms).
  Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR) to operate our Website effectively.
• To manage user accounts: (for AI Studio and other registered services).
  Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR).
• To respond to your inquiries: (submitted via contact forms or email).
  Legal Basis: Your consent when submitting the form (Art. 6(1)(a) GDPR), or for pre-contractual measures (Art. 6(1)(b) GDPR).
• To improve our Website and services: (analyzing usage patterns).
  Legal Basis: Your consent for analytics cookies (Art. 6(1)(a) GDPR and § 25 (1) TTDSG), Legitimate interests (Art. 6(1)(f) GDPR) for general service improvement.
• To comply with legal obligations:
  Legal Basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR).
• To send marketing communications (if you opt-in):
  Legal Basis: Your consent (Art. 6(1)(a) GDPR).

4. Third-Party Services and Data Processors

We engage third-party companies and individuals to facilitate our Website and services ("Service Providers"), to provide the Website on our behalf, to perform Website-related services, or to assist us in analyzing how our Website is used. These third parties act as data processors and have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We have Data Processing Agreements (DPAs) in place with these providers where required by law.

A. Netlify (Hosting)

Our Website is hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA. Netlify processes data such as IP addresses, access logs, and other data generated by website usage.
Purpose: Secure and efficient hosting of our Website.
Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
Privacy Policy: https://www.netlify.com/privacy/.
Data Transfers: Transfers to the USA are based on appropriate safeguards (e.g., SCCs or an adequacy decision like the EU-U.S. DPF if Netlify is certified).

B. Formspree (Form Handling)

We use Formspree, Inc. (USA) to manage submissions from our contact forms (e.g., on the Career Coach page). Data entered into these forms is processed by Formspree.
Purpose: Efficiently manage form submissions.
Legal Basis: Your consent upon submission (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
Privacy Policy: https://formspree.io/legal/privacy-policy/.
Data Transfers: Transfers to the USA are based on appropriate safeguards (e.g., SCCs).

C. Supabase (Backend & Authentication)

We use Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992 (or its US entity) for backend services, including user authentication for our AI Studio and database operations. Data such as email addresses, hashed passwords, and service-specific data (e.g., CV content for AI analysis) are processed by Supabase.
Purpose: Provide user accounts, database functionality, and AI service features.
Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR).
Privacy Policy: https://supabase.com/privacy.
Data Transfers: Data may be processed globally; transfers are protected by appropriate safeguards (e.g., SCCs).

D. Google Analytics (Website Analytics)

We use Google Analytics to analyze website usage. The provider for users in the EEA and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; for all other users, it is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies to collect data about your use of the Website.
Purpose: Understand website traffic and user behavior to improve our services.
Legal Basis: Your consent (Art. 6(1)(a) GDPR and § 25 (1) TTDSG for cookies).
IP Anonymization: Activated. Your IP address is truncated by Google within the EEA before transfer to the USA.
Opt-out: Via our cookie consent banner or Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout.
Privacy Policy: https://policies.google.com/privacy. How Google uses data from partner sites: https://policies.google.com/technologies/partner-sites.
Data Transfers: Transfers to the USA are based on appropriate safeguards (e.g., SCCs or an adequacy decision like the EU-U.S. DPF if Google is certified).

5. Cookies and Similar Technologies

Our Website uses cookies (small text files stored on your device) and may use similar tracking technologies. We use a cookie consent banner (e.g., via `react-cookie-consent`) to manage your preferences for non-essential cookies.

• Strictly Necessary Cookies: Essential for the Website to function (e.g., session management, security).
  Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) or § 25 (2) TTDSG.
• Preference Cookies: Remember your choices and preferences.
  Legal Basis: Your consent (Art. 6(1)(a) GDPR and § 25 (1) TTDSG).
• Analytics/Performance Cookies (e.g., Google Analytics): Help us understand how you use our Website.
  Legal Basis: Your consent (Art. 6(1)(a) GDPR and § 25 (1) TTDSG).
• Marketing Cookies (if used): Used to deliver relevant advertisements.
  Legal Basis: Your consent (Art. 6(1)(a) GDPR and § 25 (1) TTDSG).

You can manage your cookie preferences through our consent banner and usually through your browser settings. Disabling certain cookies may affect Website functionality.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This includes SSL/TLS encryption for data transmission. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the processing purposes, and applicable legal requirements.

8. Your Data Protection Rights (GDPR)

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): To request copies of your personal data.
• Right to rectification (Art. 16 GDPR): To request correction of inaccurate or incomplete data.
• Right to erasure ('right to be forgotten') (Art. 17 GDPR): To request deletion of your data under certain conditions.
• Right to restriction of processing (Art. 18 GDPR): To request restriction of processing under certain conditions.
• Right to data portability (Art. 20 GDPR): To request transfer of your data to another organization, or to you, under certain conditions.
• Right to object to processing (Art. 21 GDPR): To object to our processing of your data under certain conditions (e.g., where based on legitimate interests).
• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us using the details in Section 1. We may need to request specific information from you to help us confirm your identity.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. The competent authority for us is typically the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

9. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. We ensure that any such transfers are compliant with GDPR, using safeguards such as adequacy decisions by the European Commission (e.g., EU-U.S. Data Privacy Framework if recipients are certified) or Standard Contractual Clauses (SCCs).

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.