Privacy Policy

Download Privacy Policy

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you visit our website or use our Service and the choices you have regarding that data.

- www.wonder.me -

Within the use of the website wonder.me and/or the use of its videochat-platform “wonder.me” (hereinafter also referred to as “services”), we, as the data controller, collect and store the data you provided as long and so far this is necessary to fulfil the specified purposes and legal obligations. 

In the following, we will inform you what data is involved, how the data is processed and what rights you have in this regard.

According to Article 4 no. 1 General Data Protection Regulation (GDPR) personal data means any information relating to an identified or identifiable natural person (in the following „person concerned or user“).

1. Name and contact data of the data controller  

This Data Protection Policy covers data processing on the website www.wonder.me by: Wonder Technologies GmbH, Tempelhofer Ufer 1A, 10961 Berlin, Germany (in the following „wonder.me“), Email: info@wonder.me.

The Data protection officer of wonder.me can be reached via e-Mail to dpo@wonder.me. You can always reach out to our data protection officer directly if you have any questions about data protection law or about your rights as a data subject.

2. Collection and storage of personal data and as well as nature, purpose and their use

We collect and store your data to the extent described below when you visit our website or use our services, in particular to provide and improve our services. We process your data (especially the information you provide to us or your user data) exclusively on the specified legal basis (Art. 6 DSGVO) and therefore might use service providers if indicated.

a) When visiting the website 

You can access the website wonder.me without disclosing your identity. The browser on your end device automatically sends information to our website server (e.g. IP address of the querying computer, date and time of the access, name and URL of the accessed file, browser type and version, and also further information sent by the browser such as your computer’s operating system, the name of your access provider, geographical origin, etc.). When you access the Service by or through a mobile device, information like the type of mobile device, the unique ID of the mobile device, the IP address of the mobile device, the mobile operating system, the type of mobile Internet browser, and unique device identifiers might also be sent to our website server.

This information, which also includes your IP-address, is temporarily stored in a log file. The following information is collected without any action on your part and deleted automatically after 4 weeks.

We process this data to ensure a trouble-free connection to the website, a comfortable use of our website and its services, for evaluating system security and stability and also for further administrative purposes.

The legal foundation for the data processing is Art. 6 Subs. 1 Sentence 1 lit. b and f GDPR. Our legitimate interest follows from the above purposes for the data collection, especially our economic interest to make our offer available on this website as well as in secure data processing. 

Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

In this context we use the following service provider:

  • Webhosting

The offer of the website requires the commissioning of a webhosting service.

For the provision of this website, we use the web hosting service Webflow Inc., 398 11th St, San Francisco, CA 94103, USA (hereinafter “Webflow”).

In connection with hosting, Webflow collects data on our behalf, which accrues during the use of the website. We have concluded a data processing agreement with Webflow. Through this agreement, the service provider ensures that it processes the data in accordance with the General Data Protection Regulation and ensures the protection of the data subject’s rights.

  • AWS

We use the cloud service Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (hereinafter "AWS") to provide the website and its services.

The AWS server location is Europe. Thus, AWS ensures that the data is not transmitted to the USA. In addition, Amazon Web Service is certified by reliable security standards, including ISO 27001, SOC 1/2/2 and PCI DSS Level 1.

For more information, please visit: https://aws.amazon.com/de/compliance/eu-data-protection/

In addition, we also use cookies and analytics services during visits to our website. Further explanations can be found under section 4 and 5 of this Data Protection Policy.

  • Dropbox

We use the file hosting services of Dropbox Inc. to store videos that we show you when you visit our website. If you have an account and you are logged in to dropbox, dropbox may be processing data about you.

For more information see dropbox’s data privacy policy under https://www.dropbox.com/de/privacy?view_en#privacy.

  • Google Fonts

Our Website uses so-called web fonts provided by Google for the uniform display of fonts.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

b) When using our services  

When using our services we will collect and store your data to the following extent, depending on which service you use. We hereby might use the services of a service provider, if indicated.

     A) When entering a room

When entering a digital room as a guest, we will ask you to provide us with the following information:

  • Username 
  • picture

Provision of this data is voluntary.

This data is collected

  • to display your name and if applicable your picture to other users within the digital space and services of wonder.me.

The data is processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR is required for the stated purposes of fulfilling the contract and pre-contractual measures.

When using the services as a guest or a registered user, we collect the following information:

  • audio
  • video

This data is collected, but not stored, for the only purpose to stream your audio and video to the other participants in the same virtual meeting space.

The data is processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR is required for the stated purposes of fulfilling the contract and pre-contractual measures.

     B) When setting up a user account

You can set up a password-protected user account with us in which we save your personal data. The purpose of this is to provide you with the greatest possible comfort through easier, faster and more personal use of the website and its services.

If you would like to set up a password-protected user account with us, we need the following information from you:

  • Username, 
  • a valid email address.

In addition, to open a user account you have to enter a password of your choice. Together with your email address this provides access to your user account. 

Further more we ask you to provide us with a 

  • picture of you to be displayed to other users within the digital space of wonder.me.

The provision of this data is voluntary.

The data is processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR and is required for the stated purposes of fulfilling the contract and pre-contractual measures.

Creating a user account is not required for using our website and its services. We also offer you the possibility of using the platform as a guest. In that case however, you have to enter your data again every time you use the services.

After your user account is deleted, your personal data is automatically deleted, unless we are obliged to longer storage under legal documentation duties or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.

If you create your own digital room via our services, we will in addition process your data as pointed out in the following section no. 3 “When receiving automated emails”.

     C) When receiving automated emails 

We send automated confirmation emails on the legal basis of Art. 6 Subs. 1 Sentence 1 lit. a DSGVO using the MailChimp service from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA ("MailChimp"). The email addresses of our email recipients are stored on MailChimp's servers in the USA on our behalf.

MailChimp uses this information to send and evaluate the automated emails on our behalf. We have concluded a Data Protection Agreement with MailChimp for this purpose. Through this contract, MailChimp assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject. MailChimp assures that personal data is comprehensively protected against unauthorised access. MailChimp itself does not use the data of our email recipients to write to them itself or pass the data on to third parties. 

MailChimp also offers statistical evaluation options of usage data by means of cookies, such as determining whether an email was opened, when it was opened and which links are clicked. The evaluations are also used to identify the reading habits of users and allows us to adapt our content or send different content according to the interests of our users. For this purpose, the date, time, time zone, the email type (HTML/Plain Text), latitude and longitude of your location and your IP address are stored when you open the email. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO and our interest lies in the statistical evaluation of the use of our emails.

The information generated by MailChimp about the use of our website is transmitted to MailChimp servers in the USA and processed there. We have concluded a contract with MailChimp incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU is in place (see also section 3c on data transfer to the USA). 

     D) When registering for a newsletter 

When registering for our newsletter, you will receive a registration notification by email, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof for us that the registration was actually initiated by you.

We use your email address to send you a newsletter on the legal basis of Art. 6 Subs.1 1 Sentence 1 lit. a DSGVO (consent).

You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time to info@wonder.me. Your email address will be deleted immediately after you revoke your consent to receive your newsletter, unless we are entitled to continue to store your e-mail address on the basis of other legal grounds.

To send you a newsletter we use the services of Reply App Inc., 340 King St E, Ontario M5A 1 L3, Toronto, Kanada.

The email addresses of our newsletter recipients are stored on Reply App's servers in Canada on our behalf. Reply App uses this information to send and evaluate the newsletters on our behalf. We have concluded a Data Protection Agreement with Reply App for this purpose. Through this contract, Reply App assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.

Reply App assures that personal data is comprehensively protected against unauthorised access. Reply App itself does not use the data of our newsletter recipients to write to them itself or pass the data on to third parties. 

Reply App also offers statistical evaluation options of usage data by means of cookies, such as determining whether a newsletter was opened, when it was opened and which links are clicked. The evaluations are also used to identify the reading habits of users and allows us to adapt our content or send different content according to the interests of our users. For this purpose, the date, time, time zone, the email type (HTML/Plain Text), latitude and longitude of your location and your IP address are stored when you open the newsletter. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO and our interest lies in the statistical evaluation of the use of our newsletter.

The information generated by Reply App about the use of our website is transmitted to Reply App servers in Canada and processed there. 

     E) When using our contact form 

We give you the option of contacting us via a form on our website. If you do so, the following details are required:

  • email address, 
  • your query and a query subject and 
  • (optional) attachments.

The information listed is processed for the purpose of answering your query. 

To process your query we use the services of Intercom, Inc, 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA ("Intercom"). Intercom processes this information in order to provide customer support on our behalf. We have concluded a data protection agreement with Intercom for this purpose. Through this contract, Intercom assures that it processes the data in accordance with the GDPR and ensures the protection of the rights of the data subject. Intercom assures that personal data is comprehensively protected against unauthorised access. Intercom itself does not use your data to contact you for its own purposes or to pass it on to third parties. 

The legal basis for the data processing is Art. 6 Subs. 1 Sentence 1 lit. f GDPR on the basis of our legitimate interests to provide our users an excellent customer service and help using our services appropriately.

The personal data we collected for using the contact form will be automatically deleted after your query has been dealt with.

     F) Tools and further service provider

We use further tools and service providers as pointed out below to provide and improve our services on the basis of Art. 6 Subs. 1 Sentence 1 lit. b and/ or f GDPR (performance of a contract and/ or legitimate interest). We have concluded a contract with all service providers listed below incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU is in place (see also section 3c on data transfer to the USA).

  • Plug-ins

Our Service may contain plug-ins or links to other sites that are not operated by us. The plug-ins do not establish direct contact from the browser of the user to the service of the provider. By clicking on the respective plug-in the user is redirected to the website of the provider. We have no influence on the processing of personal data on third party websites. 

  • Agora

We use the services of Agora Lab, Inc., 2804 Mission College Blvd, Suite 110, Santa Clara, CA 95054, United States to provide our services of real time videochats. The data is only stored as long as it is necessary for the purpose of the processing and no retention periods oppose the deletion. 

For more information on Sentry's data protection, please visit https://www.agora.io/en/privacy-policy.

  • Twilio

We use the service provider Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA (hereinafter "Twilio") to provide our services and to provide a fast connection with a large amount of user groups. 

Twilio is certified by reliable security standards, including SOC2, ISO 27001.

For more information on privacy related to Twilio, please see Twilio's privacy policy: https://www.twilio.com/legal/data-protection-addendum.

  • DigitalOcean

We use the service provider DigitalOcean LLC, 101 Ave of the Americas, 10th Floor, New York 10013, USA (hereinafter „Digital Ocean“) to manage the database for our services.

You can find further information here: https://www.digitalocean.com/legal/privacy.

  • Sentry

We use the service Sentry, from Functional Software, Inc, 1501 Mariposa St #408, San Francisco, CA 94107, USA). We use this service to improve the technical stability of our service by monitoring system stability and identifying and logging code errors. Sentry does not evaluate data for advertising purposes. Only connection data, browser data and user device data is processed.

The data is only stored as long as it is necessary for the purpose of the processing and no retention periods oppose the deletion. 

For more information on Sentry's data protection, please visit https://getsentry.com/privacy.

3. Transfer of data 

Your personal data will not be transferred to third parties for purposes other than those specified below.

a) For execution of the contract 

To the extent that this is legally permitted and according to Art. 6 Subs. 1 S. 1 lit. b  GDPR necessary for executing contractual relationships with you your personal data may be communicated to third parties. This covers the transfer to provide IT services. The transferred data may be used by the third party exclusively for the stated purposes.

b) For other purposes 

Apart from that we will only transfer your personal data to third parties, if:

  • you have expressly given your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR;
  • in cases where transfer of your data is necessary for compliance with a legal obligation pursuant to Art. 6 Sub. 1 Sentence 1 lit. c GDPR;

c) Third countries data transfers

A transfer of personal data to a third country or an international organisation only takes place if we inform you about it and the prerequisites of Art. 44 ff. DSGVO are given.

A third country is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for this country pursuant to Article 45 (1) of the GDPR confirming that adequate protection for personal data exists in the country.

The USA is a so-called unsafe third country. This means that the USA does not offer a level of data protection comparable to that in the EU. The following risks exist when personal data is transferred to the USA. There is a risk that US authorities may gain access to the personal data on the basis of the surveillance programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens do not have effective legal protection against these accesses in the US or the EU.

This is why we inform you in this privacy information when and how we transfer personal data to the USA or other unsecure third countries. We only transfer your personal data if

  • the recipient provides sufficient guarantees in accordance with Art. 46 DSGVO for the protection of the personal data,
  • you have expressly consented to the transfer, after which we have informed you of the risks, in accordance with Art. 49 Para. 1 lit. a) DSGVO,
  • the transfer is necessary for the fulfilment of contractual obligations between you and us,
  • or if another exception from Art. 49 DSGVO applies.

Guarantees according to Art. 46 of the GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to guarantee a level of protection comparable to the GDPR.

4. Cookies and Pixels 

a) Cookies

We use cookies and similar tracking technologies on our website. Cookies are small files that your browser automatically creates and saves on your end device (laptop, tablet, smartphone or suchlike) when you visit our website. Cookies do not cause any harm to your computer and do not contain any viruses, trojans or other malware.

The cookie stores information which arises in conjunction with the specifically used end device. This does not mean, however, that this gives us direct knowledge of your identity.

Cookies are used on the one hand so that we can make the use of our services more pleasant for you. Therefore, we use session cookies to recognise that you have already visited individual pages of our website.

In addition, we use temporary cookies saved on your end device for a certain defined period to optimise user friendliness. If you visit our website again to use our services, it is automatically recognised that you were already here before and which entries and settings you made so that you do not have to repeat them.

On the other hand, we use cookies to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you. These cookies enable us to automatically recognise that you were here before the next time you visit our website. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the stated purposes to protect our justified interests and also of third parties under Art. 6 Subs. 1 Sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. You can configure your browser, however, so that no cookies are saved on your computer or a message always appears before a new cookie is created. Complete deactivation of cookies can, however, lead to you not being able to use all the functions of our website.

b) Pixel

Tracking pixels are small 1×1 pixel GIF files that can be hidden in graphics when you visit our website. Pixels also do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

The pixels send your IP address, the referrer URL of the website visited, the time at which the pixel was viewed, the browser used, as well as previously set cookie information to a web server. This enables us to carry out reach measurements and other statistical evaluations, which serve to optimise our platform and our offer.

c) Consent-Management-Tool

We use the consent management tool of Objectis Ltd., Žalgirio st. 88, LT-09303, Vilnius, Lithuania (hereinafter: “Cookie-Script“). In this context, the date and time of the visit, browser information, consent information, device information and the IP address of the requesting device are processed. The legal basis is Art. 6 para. 1 p. 1. lit. f DSGVO (legitimate interest). Obtaining and managing legally required consents is considered a legitimate interest in the sense of the aforementioned provision. Cookie Script stores consents and revocations on our behalf and on our instructions. Further information on data protection at Cookie Script can be found here.

Any tracking and targeting measures which we use are carried out on the basis of Art. 6 Subs. 1 Sentence 1 lit. a GDPR (consent).

With the deployed tracking measures we want to ensure an appropriate design and continuous optimisation of our website. On the other hand, we use tracking measures to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you.

Via the deployed targeting measures we want to ensure that you only see advertising tailored to your actual or presumed interests on your end devices.

These interests are to be considered as justified within the meaning of the aforementioned regulation.

The pertinent data processing purposes and data categories can be found in the corresponding tracking and targeting tools.

5. Data subject rights 

You have the right: 

  • pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future; 
  • pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;
  • pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
  • pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
  • pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.

6. Right to object pursuant to Art. 21 GDPR

In so far as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. e and Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, insofar as there are grounds arising from your particular situation or it relates to objection to direct marketing. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation; This also applies to profiling based on those provisions as defined in Art. 4 no 4 GDPR.

If you submit an objection we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.

If your objection is to the processing of data for direct marketing purposes, we shall cease processing immediately. In this case it is not necessary for you to assert a particular situation. This also applies to profiling to the extent that it is related to such direct marketing.

If you want to exercise your right to object, simply send an email to info@wonder.me.

7. Data Security 

All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.

8. Actuality of and changes to this Data Protection Policy

This Data Protection Policy is the latest version and was last amended as of January 2021.

The further development of our website and offers on it or changes in statutory or public-authority requirements may render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under

Link of data protection policy

Last updated: 14.04.2021