Privacy Policy

1. Introduction

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of legal regulations (GDPR, Austrian DSG, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing on our website and in our apps.

2. Data Controller

SAMI International
Mag. Irmengard Hanzal
Donauring 8
A-3421 Höflein an der Donau
Austria

Email: office@sami.at

Phone: +43 (0) 664 532 18 54

3. Data We Collect

3.1 When Using Our Website/App

Each time you access our website, the following data is automatically collected:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred
Website from which the request comes (referrer)
Browser and browser version
Operating system
Language and version of the browser software
Device type (desktop, tablet, smartphone)

3.2 During Registration

Email address
Name (first and last name)
Profile picture (optional)
Phone number (optional)
Preferred language
Location/Country

3.3 When Using Premium Features

Payment information (processed via Stripe)
Purchase history
Subscription status
Training progress and activities
Uploaded videos and media
Community posts

3.4 Contact Forms

When you use our contact forms (general contact, instructor contact, center contact), we collect:

Name (first and last name)
Email address
Phone number
Subject of your inquiry
Message content

This data is processed exclusively to respond to your inquiry. The data is transmitted to the relevant recipient (SAMI International, instructor, or center) and stored until the inquiry has been fully processed.

Legal basis: Art. 6(1)(b) GDPR (initiation of contract) or Art. 6(1)(f) GDPR (legitimate interest in processing inquiries).

3.5 Newsletter Subscription

When you subscribe to our newsletter, we collect:

Email address
Name (optional)
Subscription preferences

Your data will be used exclusively for sending the newsletter and will not be shared with third parties. You can unsubscribe at any time via the link in each newsletter or by contacting us.

Legal basis: Art. 6(1)(a) GDPR (consent).

4. Legal Basis for Processing

We process your data on the following legal bases:

Art. 6(1)(a) GDPR (Consent): For marketing cookies, newsletters, and optional features
Art. 6(1)(b) GDPR (Contract Performance): For providing our services, payment processing, and customer support
Art. 6(1)(f) GDPR (Legitimate Interest): For improving our services, fraud prevention, and security

5. Services Used and Data Transfers

5.1 Hosting and Infrastructure

Vercel Inc. (USA)
Our website is hosted on Vercel. Vercel processes access data (IP addresses, browser data) to provide the website.
Privacy Policy: https://vercel.com/legal/privacy-policy
Legal basis: Art. 6(1)(b) and (f) GDPR

5.2 Authentication and Database

Google LLC - Firebase (USA)
We use Firebase for user authentication (Firebase Auth), data storage (Firestore), file storage (Firebase Storage), and backend functions (Cloud Functions).
Privacy Policy: https://firebase.google.com/support/privacy
Legal basis: Art. 6(1)(b) GDPR

5.3 Payment Processing

Stripe Inc. (USA)
We use Stripe for payment processing. Stripe processes payment data (credit card numbers, bank details) directly and securely. We do not have access to complete payment data.
Privacy Policy: https://stripe.com/privacy
Legal basis: Art. 6(1)(b) GDPR
RevenueCat Inc. (USA)
For in-app purchases in our mobile apps, we use RevenueCat.
Privacy Policy: https://www.revenuecat.com/privacy
Legal basis: Art. 6(1)(b) GDPR

5.4 Analytics and Marketing

Google Analytics 4 (Google LLC, USA)
We use Google Analytics 4 to analyze website usage. Data collection only occurs with your consent (cookie banner). IP addresses are anonymized.
Privacy Policy: https://policies.google.com/privacy
Legal basis: Art. 6(1)(a) GDPR
Meta Pixel (Meta Platforms Inc., USA)
We use Meta Pixel (formerly Facebook Pixel) for marketing purposes and to measure advertising effectiveness. This only occurs with your consent.
Privacy Policy: https://www.facebook.com/privacy/policy
Legal basis: Art. 6(1)(a) GDPR

5.5 Video Streaming

Mux Inc. (USA)
We use Mux for providing video content.
Privacy Policy: https://mux.com/privacy
Legal basis: Art. 6(1)(b) GDPR
Vimeo Inc. (USA)
Vimeo embeds are used for certain video content.
Privacy Policy: https://vimeo.com/privacy
Legal basis: Art. 6(1)(b) GDPR
YouTube (Google LLC, USA)
For embedded YouTube videos.
Privacy Policy: https://policies.google.com/privacy
Legal basis: Art. 6(1)(a) GDPR

5.6 Map Services

Google Maps (Google LLC, USA)
We use Google Maps to display training locations. This only occurs with your consent.
Privacy Policy: https://policies.google.com/privacy
Legal basis: Art. 6(1)(a) GDPR

5.7 Email Delivery

Resend Inc. (USA)
We use Resend for sending:

Transactional emails (confirmations, reminders, account notifications) - Legal basis: Art. 6(1)(b) GDPR
Marketing emails (newsletters, promotions, product updates) - Legal basis: Art. 6(1)(a) GDPR (only with your consent)

You can unsubscribe from marketing emails at any time via the unsubscribe link in each email or in your account settings.
Privacy Policy: https://resend.com/legal/privacy-policy

5.8 Search Functionality

Algolia Inc. (USA)
We use Algolia for the search functionality on our platform.
Privacy Policy: https://www.algolia.com/policies/privacy/
Legal basis: Art. 6(1)(b) GDPR

5.9 Content Management

Storyblok GmbH (Austria)
We use Storyblok for managing certain website content.
Privacy Policy: https://www.storyblok.com/legal/privacy-policy
Legal basis: Art. 6(1)(b) GDPR

5.10 Artificial Intelligence

OpenAI Inc. (USA)
We use OpenAI for certain AI-powered features.
Privacy Policy: https://openai.com/privacy
Legal basis: Art. 6(1)(b) GDPR
Google AI (Google LLC, USA)
We also use Google AI (Gemini) for AI features.
Privacy Policy: https://policies.google.com/privacy
Legal basis: Art. 6(1)(b) GDPR

6. International Data Transfers

Many of our service providers are located in the USA. The transfer of personal data to the USA is based on:

EU Standard Contractual Clauses (SCCs)
EU-US Data Privacy Framework (for certified companies)
Your explicit consent (for optional services)

7. Data Retention

We only store your data as long as necessary for the respective purposes:

Account data: Until deletion of your account
Payment data: 7 years (legal retention requirement)
Analytics data: 26 months (Google Analytics)
Log data: 90 days
Marketing data: Until withdrawal of your consent

8. Your Rights

You have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

You have the right to request confirmation of whether we process personal data about you and, if so, to receive information about this data.

8.2 Right to Rectification (Art. 16 GDPR)

You have the right to request immediate rectification of inaccurate data.

8.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your data, unless legal retention obligations apply.

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of the processing of your data.

8.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format.

8.6 Right to Object (Art. 21 GDPR)

You have the right to object to the processing at any time for reasons arising from your particular situation.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

You can withdraw given consents at any time with effect for the future.

8.8 Right to Complain

You have the right to file a complaint with the competent supervisory authority:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at

9. Contact for Data Protection Inquiries

For all questions regarding data protection, please contact:

SAMI International

Data Protection
Donauring 8
A-3421 Höflein an der Donau