Privacy Policy

Last updated: January 25, 2025

1. Name and Contact Details of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

KI-Bilder-Erstellen.com

A service of SYNTHIS AI LTD

71-75, Shelton Street, Covent Garden, London, UNITED KINGDOM

Email: support@ki-bilder-erstellen.com

Website: https://ki-bilder-erstellen.com

2. Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed:

  • Inventory data (e.g., names, addresses)
  • Content data (e.g., text inputs, AI-generated images)
  • Contact data (e.g., email, phone numbers)
  • Meta/communication data (e.g., device information, IP addresses)
  • Usage data (e.g., visited websites, access times)
  • Contract data (e.g., subject of contract, term)
  • Payment data (e.g., bank details, invoices)

Categories of Data Subjects:

  • Communication partners
  • Users (e.g., website visitors, users of online services)
  • Customers

3. Legal Bases for Processing

Below we share the legal bases of the General Data Protection Regulation (GDPR) on the basis of which we process personal data:

  • Art. 6(1)(b) GDPR - Processing for the performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR - Processing for compliance with a legal obligation
  • Art. 6(1)(f) GDPR - Processing for the purposes of legitimate interests
  • Art. 6(1)(a) GDPR - Consent of the data subject

4. Data Processing in Detail

4.1 AI Image Generation

Data Processed: Text inputs (prompts), generated images, technical metadata

Purpose: Provision of the AI image generation service

Legal Basis: Art. 6(1)(b) GDPR (performance of contract)

Storage Period: Temporary processing during generation, no permanent storage for free users

4.2 Registration and Customer Account

Data Processed: Email address, password (encrypted), usage statistics

Purpose: Provision of extended features, account management

Legal Basis: Art. 6(1)(b) GDPR (performance of contract)

Storage Period: Until account deletion or withdrawal of consent

4.3 Payment Processing

Data Processed: Payment data, billing address, transaction data

Purpose: Processing payments for premium services

Legal Basis: Art. 6(1)(b) GDPR (performance of contract)

Storage Period: 10 years according to commercial retention obligations

4.4 Website Usage and Cookies

Data Processed: IP address, browser information, access times

Purpose: Website provision, security, functionality

Legal Basis: Art. 6(1)(f) GDPR (legitimate interests)

Storage Period: 7 days for log files, session duration for functional cookies

5. Disclosure of Personal Data to Third Parties

We only disclose personal data to third parties if this is necessary for the performance of the contract or if corresponding consent has been given:

  • OpenAI (USA): Processing of text inputs for AI image generation based on Standard Contractual Clauses
  • Payment Service Providers: Transmission of necessary payment data for transaction processing
  • Hosting Providers: Provision of technical infrastructure in Germany/EU

6. Data Transfer to Third Countries

The processing of text inputs is partly carried out by OpenAI in the USA. This transfer takes place on the basis of Standard Contractual Clauses of the EU Commission and additional technical and organizational measures to ensure an adequate level of data protection.

7. Your Rights as a Data Subject

You have the following rights with regard to your personal data:

  • Right of Access (Art. 15 GDPR)
  • Right to Rectification (Art. 16 GDPR)
  • Right to Erasure (Art. 17 GDPR)
  • Right to Restriction of Processing (Art. 18 GDPR)
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Object (Art. 21 GDPR)
  • Right to Withdraw Consent (Art. 7(3) GDPR)

To exercise your rights, please contact:support@ki-bilder-erstellen.com

8. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data. The supervisory authority responsible for us is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or the respective state data protection authority.

9. Data Security

We use appropriate technical and organizational measures to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. These include SSL encryption, secure servers in Germany, and regular security updates.

10. Children and Minors

Our service is not directed at persons under 16 years of age. We do not knowingly process personal data of children under 16 years of age. Should we become aware of this, we will delete this data immediately.

11. Changes to the Privacy Policy

We reserve the right to update this Privacy Policy to adapt it to changed legal situations or to changes in the service. In case of significant changes, we will inform you by email or by prominent notice on our website.

12. Cookie Policy

Our website uses cookies to provide you with an optimal user experience:

  • Necessary Cookies: Required for the basic functions of the website
  • Functional Cookies: Improve user-friendliness (with your consent)
  • Analytical Cookies: Help us improve the website (with your consent)

You can adjust your cookie settings at any time in your browser settings or manage them through our cookie banner.