Privacy Policy

1. Scope

We are pleased about your interest in our SaaS services Vistameet and Sparks for Teams (hereafter “Services”). The protection of your personal data is important to us. This privacy policy informs you about the type, scope and purposes of processing personal data in connection with our services and contract negotiations or execution.

2. Responsible Party

Company: Sparks for Teams (Geschäftsbereich der GoHunting Deutschland GmbH)
Address: Speditionstr. 15A, 40221 Düsseldorf, Germany
Data Protection Officer: Dr. Jörg Berthold
Email:  

• Vistameet is the controller (Art. 4(7) GDPR) for website usage, registration, customer account management, billing and support.
• For meeting content (audio/video, chat, files, recordings, AI transcripts), Vistameet acts as a processor (Art. 28 GDPR) on behalf of the respective customer.

3. Personal Data

When using our services, we process personal data, in particular technical log data (log files) such as IP address, date and time of access, name and URL of the retrieved file, amount of transmitted data, message about successful retrieval (HTTP response code), browser type and version, user operating system and referrer URL (previously visited page). In addition, we process technically necessary cookies (e.g. session management, language selection) and, during registration and account creation, details such as first and last name, business email address, company name and billing address (if applicable: phone number and VAT identification number). For support requests (email, ticketing system, chat), we process your name and email address, the content of your request and, if applicable, technical diagnostic information (e.g. log excerpts and screenshots).

• Log files: legal basis Art. 6(1)(f) GDPR (legitimate interest in security, stability and abuse prevention, as well as technical functionality and error analysis).
• Registration/account and payment processing: legal basis Art. 6(1)(b) GDPR (performance of contract).
• Support: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR (customer support).

4. Purpose of Data Processing

• Technical provision of the services and ensuring system security (error analysis/technical functionality)
• Website visits as well as operation and maintenance of the services
• Registration and administration of customer accounts
• Invoicing and payment processing (including use of payment service providers)
• Providing support and customer service
• Basic functionality via technically necessary cookies (e.g. session management, language selection)

5. Data Storage and Security

We store personal data only for as long as necessary for the respective purpose. After the respective retention periods, data is automatically and irreversibly deleted or anonymized. Depending on the data type, the following retention periods apply in particular: website log files 7 days; session cookies until the end of the session or up to a maximum of 365 days; customer account data until contract end plus 10 years (statutory retention); payment data 10 years; support tickets 3 years after completion. In individual cases, longer retention may be required to safeguard legitimate interests (e.g. evidence preservation, support history).

• Encryption: All data transmissions are carried out via TLS 1.2/1.3; stored data is encrypted (Encryption at Rest)
• Access controls: access to production systems only for authorized personnel with two-factor authentication (2FA)
• ISO 27001-certified data centers with physical security measures
• Regular security checks
• Privacy by default: cameras and microphones are disabled by default when joining a meeting
• Backup and disaster recovery: daily encrypted backups with 30-day retention

6. Your Rights

You have the following rights against Vistameet with regard to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Withdrawal of consent (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

7. Cookies and Tracking

Our services use exclusively technically necessary cookies. Cookies are small text files stored on your end device. Technically necessary cookies enable basic functions (e.g. session management, language selection) and are processed exclusively server-side for technical service provision. They are exempt from the obligation to obtain consent (§ 25(2) TDDDG). Retention: end of session or a maximum of 365 days.

8. Data Disclosure

Data is shared on the basis of a data processing agreement in accordance with Art. 28 GDPR. We host our services with providers such as IONOS SE, OVH GmbH and Hetzner Online GmbH; data centers are used exclusively within the EU/EEA. For the provision of AI features (transcription, translation, summaries), we use providers such as OVH GmbH. AI processing is carried out exclusively on behalf of the customer as commissioned processing; the AI models used for Vistameet and Sparks for Teams are operated in European data centers, and customer data is not used to train AI models. Public authorities receive data only if required by law (e.g. law enforcement) or to enforce our own legal claims. Transfer of personal data to countries outside the EU/EEA does not take place; if this becomes necessary in the future, it will be done exclusively on the basis of appropriate safeguards (e.g. EU standard contractual clauses in accordance with Art. 46 GDPR), and you will be informed in advance.

• Note for meeting participants: The respective meeting organizer is the data protection controller for the communication content within the meeting (audio/video data, chat, shared files, recordings and AI-generated content).
• If you join as a guest, please contact the meeting organizer for information under Art. 13/14 GDPR.
• AI-generated content (transcripts, summaries, translations) is transparently labeled in accordance with Art. 50 EU AI Act.

9. Contact and automated decisions

We do not make automated decisions with legal or similarly significant effects (Art. 22 GDPR). AI features are used solely for support and are transparently labeled.
If you have any questions about data protection or wish to exercise your rights, please contact:   (postal address: GoHunting Deutschland GmbH, Datenschutz, Speditionstr. 15a, 40221 Düsseldorf)