Data Protection declaration (Foundation)
Provision of information pursuant to Art 13 of General Data Protection Regulation (EU) 2016/679 (“GDPR“) regarding the processing of personal data in the context of using our Foundation Analytics Portal https://goldenwhale.foundation/ (“Foundation“).
Thank you for using Foundation. The protection of your privacy is of high priority to us. Consequently, we process your personal data solely on the basis of the legal requirements prescribed by the GDPR in conjunction with the Austrian Data Protection Act (Datenschutzgesetz) as well as other relevant legal provisions.
1. Definitions and interpretation
Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. As such, the broad definition of processing (Art 4 item 2 GDPR) of personal data means any operation or set of operations performed on personal data. Any information allowing us or third parties to potentially identify you in person can be considered your personal data, which makes you a data subject (Art 4 item 1 GDPR) within this context.
The following terms are particularly relevant for a better understanding of this Data Protection Declaration:
Term | Definition | Regulation |
Controller | Natural or legal person or other body which has decisive influence on the processing of personal and is therefore subject to data protection obligations. | Art 4 item 7 GDPR |
Joint Controllers | Controllers, which process personal data in common interest and have each at least partly a decisive influence on decisions made in this regard. | Art 26 GDPR |
Processor | External service provider which processes personal data on behalf of the controller and is contractually bound to its instructions. The processor thereby acts as a kind of extended arm of the controller. | Art 4 item 8 GDPR |
Recipient | Generally, every natural or legal person or other body outside of the organisation of the controller to which data being subject to the controller’s responsibility are disclosed. | Art 4 item 9 GDPR |
Legal basis | Condition determined by law that constitutes an authorisation to lawfully process personal data. | Art 6 para 1 GDPR |
Transfer to third countries | Transfer of personal data to countries outside of the EU respectively EEA through which they are detracted from the sole control of the GDPR due to stronger ties to the legal system of such third country. This might take place where data are disclosed to a recipient that (i) has its seat/residency in such third country or (ii) maintains a server there on which personal data are processed. | Chapter V GDPR |
Adequacy decision | A resolution of the European Commission through which the adequacy of the data protection level in a third country is acknowledged, and consequently a transfer of data is possible without further restrictions. | Art 45 GDPR |
Appropriate safeguards | Various instruments which allow the transfer of personal data into a third country for which an adequacy decision does not exist. As far as third-country transfers by us are based on appropriate safeguards, you may request a copy thereof by contacting us at dpo@goldenwhale.com. | Art 46 GDPR |
2. Information on the controller and contact details
|
Controller in the sense of Art 4 item 7 GDPR: |
Contact details: |
|
Golden Whale Productions GmbH (“we“) Antonigasse 3/5 1180 Vienna Austria |
Email: dpo@goldenwhale.com |
3. Processed Personal Data
When you use our SaaS product, we process only the following personal data:
Email address
4. Purpose and Legal Basis of Processing
We process your email address exclusively for the following purposes:
User authentication and access control (via Auth0)
Product usage analytics and improvement (via Mixpanel)
The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract) as the data is necessary to provide access to our service, and Article 6(1)(f) GDPR (legitimate interests) for usage analytics.
5. Data Recipients and Processors
We share your email address with the following third-party service providers:
Auth0 (Okta, Inc.), used for authentication and access management.
Mixpanel, Inc., used for product analytics.
These providers process your data on our behalf in accordance with data protection agreements under Article 28 GDPR.
6. Data Storage and Retention
Your email address is stored only for as long as necessary to provide our service. If you cancel your contract with us, we will remove your email address unless legal retention obligations require otherwise.
7. Data Subject Rights
As a data subject under the GDPR, you have the following rights:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
To exercise your rights, please contact us at dpo@goldenwhale.com.
8. Data Security
We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse.
9. International Data Transfers
As Auth0 and Mixpanel are based in the U.S., your data may be transferred outside the EU. We ensure compliance with GDPR by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs).
10. Changes to This Declaration
We may update this Data Protection Declaration from time to time. Changes will be published under Data Protection Declaration (Foundation), and we encourage you to review it periodically.
11. Contact and Supervisory Authority
For any questions regarding data protection, please contact us at dpo@goldenwhale.com.
If you believe that our data processing violates the GDPR, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, www.dsb.gv.at).
