Article 13 General Data Protection Regulation (GDPR)

1. General
PhiAcademy GmbH, FN 461082 m, Wiegelestraße 10, 1230 Vienna, Austria, is the Operator of the mobile application “PhiApp” (hereinafter “PhiApp”) and its enhanced version, the PhiApp Pro (hereinafter “Pro App”, together referred to as “Our Services” or “the App”). Users of the App (hereinafter „Users“ or “you”) have the opportunity to create an account (“Account”) in order to learn about the different treatment techniques and connect with and contact other Users regarding cosmetic services and courses.
With this information, PhiAcademy GmbH (hereinafter “PhiAcademy“ or “we“) informs you about the processing of your personal data (“Data“) as well as your Data protection claims and rights.

2. Which Data are processed and from which sources do they come from?
We process the Data that we receive from you as user of Our Services.
Personal Data include:
• Your personal details: e.g. name, city and country of residence, e-mail address, age, telephone number, profile photo and gender
• Your biography text and photos of your works if you are an artist (optionally, not required)
• Customer medical questionnaire, if you are a customer (optionally, not required). Medical questionnaire includes your height, weight, hair color, eye color, and you are able to select from the list if you suffer from some of the following diseases or taking any of following medicines: hemophilia, diabetes mellitus, hepatitis a,b,c,d,e,f, hiv+,skin diseases, eczema, allergies, autoimmune diseases, herpes, infection diseases, high temperature, epilepsy, cardiovascular problems, blood thinners (anticoagulants), are you pregnant, do you have wound healing, do you take medications on daily basis, do you have pace maker, have you consumed narcotics or alcohol 24h before, have you had surgery, laser therapy, or any other medical intervention in the past 14 days.
• Status and summaries of your treatments (optionally)
• Your questions and other comments in the Consultation section, if you choose to actively participate in this forum (optionally)
• Your appointments, be it as an artist or as a customer (optionally)
• Purchase Information: Your payment method, duration of your Pro Subscription, Price, Currency, VAT (based on country info). We use App platform providers to process purchases (Apple and Google). We process this payment information only if you subscribe for the Pro App.

3. For what purposes, duration and on which legal basis are Data processed?
We process your Data in accordance with applicable data protection law and for specific purposes and for a specific period. The most important purposes, duration and legal basis of the processing are listed below. If we collect Data from you for other purposes, we will inform you separately before collecting that Data.
3.1 PhiApp Profile (Customers and Artists)
Purpose: If you are a Customer, we process your Data for the purpose of managing your use of the PhiApp and during the period of your registration in our PhiApp, as long as you do not withdraw your consent.
If you are an Artist, we process your Data for the purpose of managing your contractual relationship with us, during the period of such contractual relationship and three years thereafter.
Duration: As long as you do not withdraw your consent.
Legal Basis: If you are a Customer, we process this Data based on your consent.
If you are an Artist, we process this Data in order to fulfill our contractual obligations and for our legitimate interests (to provide our customers a professional platform for their work and exchange experience).
3.2 PhiApp Pro (Customer and Artists)
Purpose: We process your Data to provide you with the additional functions and options of the Pro App and for managing your contractual relationship with you for the duration of your subscription.
Duration: As long as you do not cancel your subscription. Beyond that, we only store data, if it is legally necessary (because of warranty, limitation or retention periods) or otherwise required.
Legal Basis: We process your Data in order to fulfill our contractual obligations and for our legitimate interests (to provide you with all functions and options of the Pro App).
3.3 Biography text and Photos of your work and location of your business (only Artists)
Purpose: To show your business location, experience and work results to (potential) customers.
Duration: We process your biography text and photos of your work as long as you do not withdraw your consent. We process your business location as long as you are a Phi Artist and member of our Phi Artist community.
Legal Basis: We process your biography and photos of your work based on your consent. We process your business location based on our legitimate interests (to provide Customers with comprehensive information about our Artists network).
3.4 Customer Medical Questionnaire (only Customers)
Purpose: To provide this Data to Artists who will be treating you (only with your consent) in order to prevent health complications for you as a Customer.
Duration: As long as you do not withdraw your consent.
Legal Basis: We process this Data based on your consent.
3.5 Status and Summaries of your Treatments
Purpose: To manage your treatments, in order to provide you and our Artists with your treatment history.
Duration: As long as you do not withdraw your consent.
Legal Basis: We process this Data based on your consent.
3.6 Questions and Comments to the Consultation section (Customers and Artists)
Purpose: To enhance the user experience and to facilitate the sharing of experience and knowledge among the PhiApp users.
Duration: As long as you do not withdraw your consent.
Legal Basis: We process this Data based on your consent.
3.7 Appointments (Customers and Artists)
Purpose: To provide Customers and Artists the possibility to manage their appointments directly in the PhiApp.
Duration: As long as you are a registered user of the PhiApp.
Legal Basis: We process this Data based on our and our Artist’s legitimate interests. These interests are to be able to manage our Artist community (and for the Artists: to manage their customer community).
3.8 Newsletter
Purpose: If you subscribe to the PhiAcademy Newsletter, we process your Data (name, e-mail address, city, country , date of birth) for the purpose of direct marketing and advertisement. This means that we will send you personalized information by e-mail and inform you if we believe, based on your Data, that information about offers, services and events of PhiAcademy, Craftmaster or its affiliates is relevant and interesting to you.
Legal Basis: We process this Data based on your consent. You can withdraw your consent any time by e-mail to phiapp@phiacademy.at or if you click on the unsubscribe link in every Newsletter mail. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Duration: As long as you do not withdraw your consent.

4. Who receives your Data?
Within PhiAcademy and our parent company, PhiAcademy d.o.o., those employees will receive your personal information, who need them for the purposes outlined above. In addition, we share the Data within the Artist and Customer community (your health data only with your explicit consent). If we are legally obliged to do so, we will also transfer your Data to public bodies and authorities. In addition, companies commissioned by us (in particular IT or payment services and back office providers) will receive your Data if they need them to fulfill their respective tasks. These providers are obliged to treat your Data confidentially and to process them only to the extent necessary for their service provision. If these companies provide their processing activities outside the European Economic Area, they have a Privacy Shield Certificate or have undertaken to ensure an adequate level of data protection.
We will transfer your Data to the following recipients:
• Company name: High Tech Engineering Center doo, Registered office of the company: Belgrade , Bulevar Milutina Milankovica 11b, Place of Data processing guarantee according to Art. 46 GDPR: Serbia; EU standard contractual clauses

• Company name: Phi-academy doo, Registered office of the company Belgrade, Bulevar Oslobodjenja 137, Place of Data processing; guarantee according to Art. 46 GDPR: Serbia; EU standard contractual clauses

• Company name: Google (only for google and phone logging), Registered office of the company Mountain View, 1600 Amphitheatre Parkway, Place of Data processing; guarantee according to Art. 46 GDPR USA; Privacy Shield

• Company name: Facebook (only for facebook logging), Registered office of the company Menlo Park, CA 94025, Place of Data processing; guarantee according to Art. 46 GDPR USA; Privacy Shield

• Company name The Rocket Science Group LLC (MailChimp), Registered office of the company 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, Place of Data processing; guarantee according to Art. 46 GDPR USA; Privacy Shield

• Company name: Apple (only for Apple logging), Registered office of the company Apple 1 Infinite Loop, Cupertino, CA 95014, USA, Place of Data processing; guarantee according to Art. 46 GDPR USA; Privacy Shield

5. Are you obliged to provide Data?
As a Customer, you are not obliged to provide any Data. However, to use the PhiApp with a value-add to you, it is necessary that you provide at least your contact details.
As an Artist and for the use of the Pro App (as an Artist or as a Customer) it is necessary that you provide the Data we need to fulfill our contractual obligations to you. Those Data are marked with (*) as mandatory. Unless you provide those mandatory Data, we will generally be unable to provide our services.

6. Your rights in the context of the processing of your Data
You have the right
• to request information about which of your personal Data we process (Article 15 GDPR);
• to rectify or erase your Data (Article 16 GDPR);
• to restrict the processing of your Data (Article 18 GDPR);
• to withdraw your consent (Article 7 GDPR);
• to object to the processing of your Data (Article 21 GDPR);
• to Data portability (Article 20 GDPR).
If you believe that we violate your rights under the GDPR or national data protection law when processing your Data, please contact us. This is the only way we can treat your concerns as quickly as possible. You also have the right to lodge a complaint with a supervisory authority (in Austria: www.dsb.gv.at).

7. Automated decision-making
We do not use automated decision-making or profiling according to Article 22 GDPR.

8. Who can you contact?
If you have any requests or concerns, you can contact us directly by e-mail, by phone or by post to the following address:

PhiAcademy GmbH
Wiegelestraße 10, 1230 Vienna
E-Mail: phiapp@phiacademy.at

Version 06 November 2023