The Controller for data processing is the Future Flexible Company, Dr.-Heinrich-Maier-Straße 61, 1180 Wien, Commercial Register Number FN 660502 b.
Email: team@yumi42.com
For better readability, the name "Yumi42" is used consistently below. Wherever "Yumi42" is mentioned in this Privacy Policy, it always refers to the aforementioned legal entity, Future Flexible Company, as the Controller under data protection law.
Nouns used in this Privacy Policy are understood to be gender-neutral; the masculine form is used solely for easier readability.
This Privacy Policy applies to our websites under the following domains:
We process the personal data that you provide to us when using our website. This provision by you is (contractually) necessary for processing your inquiries or for community use. If you do not provide us with your corresponding personal data, we cannot process your inquiry or enable community use.
Furthermore, within the scope of the above purposes, we process data that we generate about you as a user of our website or our community, namely:
For the fulfillment of contractual obligations (Article 6 paragraph 1 letter b GDPR)
The processing of personal data takes place for the provision of our contractual obligations within the scope of community use.
We transfer personal data to contracted processors, provided this is necessary within the scope of the above purposes.
All processors are contractually obliged to treat your data confidentially and to process it only within the scope of the mandate given by us.
We use the following processors within the scope of the aforementioned purposes:
We store your data for:
To simplify registration and use of the platform, we offer the option to log in via external identity providers (“Social Login”) or to synchronize calendar functions. The use of these functions is voluntary and is based exclusively on an express consent in accordance with Art. 6 Para. 1 lit. a GDPR.
The following services may be used for this purpose:
We use certain Google services to operate Yumi42. When you use these features, the following data is accessed and used.
Google Analytics:
Sign in with Google:
Google Calendar synchronisation:
Our use of information received from Google APIs and any transfer of that information to other apps complies with the Google API Services User Data Policy including the Limited Use requirements.
We store Google user data (for example your Google account ID, email address, calendar event IDs and OAuth tokens) only to the extent necessary to provide the Google based functions described in this Privacy Policy and to comply with legal retention obligations. OAuth tokens and other credentials are stored in encrypted form. If you disconnect Google services from your Yumi42 account or delete your Yumi42 account, we delete or anonymise the associated Google derived data and tokens once any mandatory retention periods have expired.
We protect Google user data with appropriate technical and organisational measures. In particular, we use encryption in transit (for example TLS) and encryption at rest for our production databases and backups, apply role based access controls on a need to know basis, and log access to production systems. We separate production and development environments and avoid using real Google user data for testing wherever possible. We regularly review our security measures and update them where necessary. We do not use Google user data to develop, improve, or train generalized AI or machine learning models.
We do not sell Google user data. We do not transfer or disclose Google user data to third parties for purposes other than providing and operating Yumi42, fulfilling our legal obligations, or where you explicitly request or consent to such transfer. Google user data is shared only with Google itself, when we create or update content in your Google account on your behalf, and with our infrastructure and service providers that process this data on our behalf under data processing agreements and only for the purposes described in this Privacy Policy.
We process the personal data that you provide to us as part of your registration/consent for the respective newsletter. This provision by you is necessary for sending the newsletter. If you do not provide us with your corresponding personal data, we cannot send you a newsletter.
Furthermore, within the scope of the above purposes, we process data that we generate about you as a user of our newsletter, namely:
Based on your explicit, revocable consent at any time (Article 6 paragraph 1 letter a GDPR)
The processing of personal data takes place on the legal basis of your consent, which can be revoked at any time. Revocation can be made as follows (at least as simple as giving consent): via the unsubscribe link in every newsletter.
We transfer personal data to contracted processors, provided this is necessary within the scope of the above purposes.
All processors are contractually obliged to treat your data confidentially and to process it only within the scope of the mandate given by us.
We use the following processors within the scope of the aforementioned purposes:
We store/process your data:
We operate a platform for customers seeking support and for coaches. Therefore, platform contracts are concluded with customers and placement contracts with coaches via our platform; customers and coaches also conclude coaching contracts directly.
The coaching units take place based on the coaching contracts between coaches and customers via Google Meet online video conferences (the Google service provider automatically sends meeting links and automatically records participation in the conferences).
To ensure transparency, this data protection information also includes information regarding the processing of the customer's personal data by the coaches regarding their fulfillment of the coaching with the customers.
Since this processing is largely handled via our platform, we act as a data processor for the coaches in this regard.
Insofar as the processing of data by Yumi42 is required to fulfill the contractual obligations of Yumi42, Yumi42 acts on its own responsibility.
Unless explicitly distinguished below, the information applies both to the processing by us as the data controller and to the processing by the coaches as data controllers.
We process the personal data that you, as a customer, provide to us for the provision of services. This provision by you is contractually necessary for the conclusion of the agreements between you (as a customer) and us and between you and the coach for the agreed service provision, and also legally necessary, in particular to fulfill our accounting obligations.
This also includes any data in connection with the payment for our services (see below on the payment service provider STRIPE).
If you do not provide us with your corresponding personal data, we cannot conclude a contract with you or fulfill it.
Furthermore, we process personal data that we generate about you or collect from the mentioned sources within the scope of our service provision, namely:
We process your personal data for the fulfillment of our contractual obligations, including support inquiries, and for the fulfillment of associated other legal obligations, in particular from corporate and tax law:
For the fulfillment of contractual obligations (Article 6 paragraph 1 letter b GDPR)
The processing of personal data takes place for the provision of our contractual obligations, in particular for the fulfillment of our contracts with you. The purpose of data processing for contract fulfillment is primarily the processing of the Coaching Services mediated by us.
For the fulfillment of legal obligations (Article 6 paragraph 1 letter c GDPR)
The processing of personal data also takes place for the purpose of fulfilling various legal obligations to which we are subject, in particular under corporate and tax law.
For the protection of legitimate interests (Article 6 paragraph 1 letter f GDPR)
We process personal data to protect our legitimate interests, unless your interests in confidentiality outweigh them.
Data processing for the protection of legitimate interests takes place in the following cases:
Advertising and marketing to existing contractual partners
You can object to the processing of personal data based on legitimate interests – see below for data subject rights.
Yumi42 transfers your personal data to the respective coach as part of the mediation of the coaching agreement.
Furthermore, we use processors insofar as this is necessary for the fulfillment of the respective service.
All processors are contractually obliged to treat your data confidentially and to process it only within the scope of the mandate given by us.
We use the following processors:
As a payment service provider, we use Stripe Payments Europe Limited ('STRIPE'), which receives the credit card data you enter and the billing data from us for the processing of payment services.
The processing of this data for payment processing then takes place under STRIPE's own data protection responsibility (see their data protection information: https://stripe.com/at/privacy).
Your credit card data is not stored by us, but only a STRIPE ID, which we can use to initiate further payments with STRIPE.
We store the personal data necessary for contract fulfillment for the duration of the entire business relationship and additionally in accordance with the Austrian legal retention and documentation obligations (e.g., under the Austrian Commercial Code or the Federal Fiscal Code), generally for 7 years.
Insofar as data processing by Yumi42 is present for the fulfillment of the contractual obligations of Yumi42 with the coach, Yumi42 acts on its own responsibility.
Furthermore, as a mediation platform, we process the coach's data on our own responsibility.
We process the personal data that you, as a coach, provide to us. This provision by you is contractually necessary for the conclusion of the agreements between you as a coach and us and between you as a coach and the customer for the agreed service provision, and also legally necessary, in particular to fulfill our accounting obligations.
This also includes any data in connection with the payment for the services (see below on the payment service provider).
If you do not provide us with your corresponding personal data, we cannot conclude a contract with you or fulfill it.
Furthermore, we process personal data that we generate about you or collect from the mentioned sources within the scope of our service provision, namely:
We process your personal data for the fulfillment of our contractual obligations, including support inquiries, and for the fulfillment of associated other legal obligations, in particular from corporate and tax law:
For the fulfillment of contractual obligations (Article 6 paragraph 1 letter b GDPR)
The processing of personal data takes place for the provision of our contractual obligations, in particular for the fulfillment of our contracts with you. The purpose of data processing for contract fulfillment is primarily the processing of the Coaching Services mediated by us.
For the fulfillment of legal obligations (Article 6 paragraph 1 letter c GDPR)
The processing of personal data also takes place for the purpose of fulfilling various legal obligations to which we are subject, in particular under corporate and tax law.
For the protection of legitimate interests (Article 6 paragraph 1 letter f GDPR)
We process personal data to protect our legitimate interests, unless your interests in confidentiality outweigh them.
Data processing for the protection of legitimate interests takes place in the following cases:
Advertising and marketing to existing contractual partners (Coach)
You can object to the processing of personal data based on legitimate interests – see below for data subject rights.
Yumi42 transfers your personal data to the respective customer, i.e., your contractual partner, as part of the mediation of the coaching agreement.
Furthermore, we use processors insofar as this is necessary for the fulfillment of the respective service.
All processors are contractually obliged to treat your data confidentially and to process it only within the scope of the mandate given by us.
We use the following processors:
For payment processing, we use the payment service provider Stripe Payments Europe Limited, The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (“Stripe”).
Stripe receives personal data (e.g., name, email address, billing data, payment source, transaction amount) for the purpose of payment processing.
Stripe processes this data under its own data protection responsibility. Storage and processing take place in accordance with Stripe's applicable data protection regulations, which can be found at the following link: https://stripe.com/privacy
We do not store complete payment data (e.g., credit card numbers), but only technical reference identifiers (e.g., Stripe Customer ID, Payment Intents) to be able to assign payments.
We store the personal data necessary for contract fulfillment for the duration of the entire business relationship as a coach and additionally in accordance with the legal retention and documentation obligations (e.g., under the Austrian Commercial Code or the Federal Fiscal Code), generally for 7 years.
In this context, it should be noted that Yumi42 operates a mediation platform between customers and coaches. To ensure transparency, this data protection information also includes information regarding the processing of the customer's personal data by the mediated coaches as controllers.
The data subject rights described below can be asserted against the respective controller for the processing of personal data, i.e., Yumi42 or the respective coach.
If we process your personal data based on your consent, you have the right to revoke this consent at any time.
The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
You will be informed of this before giving consent.
The revocation of consent must be as simple as the granting of consent.
If we process your personal data, you have the right to information about the processing purposes, the categories of personal data processed, the recipients of this personal data, the storage period, the rights to which you are entitled, the origin of the personal data, and the possible existence of automated decision-making.
You are entitled to request the rectification of inaccurate or incomplete personal data concerning you.
You are entitled to request the deletion of personal data concerning you if the processing of the data is not lawful and no legal obligations on our part oppose the deletion.
You are entitled to request the restriction of the processing of your data in certain cases.
You are entitled to request the transfer of your data that you have provided to us in a structured, common, and machine-readable format.
You have the right to have the personal data transmitted directly by us to a controller named by you, insofar as this is technically feasible.
You are entitled to object to the processing of personal data concerning you at any time for reasons arising from your particular situation.
If you object, we will no longer process personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing that override your interests.
You can object to the use of your personal data for advertising purposes at any time; in this case, we will stop processing your data for advertising purposes.
To exercise your rights in relation to the data processed by us, please contact: team@yumi42.com
You have the right to lodge a complaint with the data protection supervisory authorities if you believe that your data protection rights are being violated:
In Switzerland with the various cantonal data protection authorities:
