HEYAUPAIRS

PRIVACY POLICY

 
Effective DateNovember 5, 2025
Last UpdatedNovember 5, 2025
 
This PRIVACY POLICY (the “Policy”) explains how MultiKultur e.K., Helmholtzstrasse 50, 50825 Cologne, Germany (“Company,” “we,” “our,” or “us”) collects, uses, discloses, and protects personal data of the users (“Users”, “you”, or “your”) when they use HeyAuPairs (“App” or “Platform”). 
 
This Policy is designed to comply with the German Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (GDPR), and applicable privacy laws worldwide, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). 
 
Your use of the App states your acceptance of this Policy. If you do not agree with this Policy, please do not use the App.

1. DATA CONTROLLER AND CONTACT
 
1.1 Data Controller Details
 
1.1.2. Name - MultiKultur e.K.
 
1.1.3. Address - Helmholtzstrasse 50, 50825 Cologne, Germany
 
1.1.4. Email - info@heyaupairs.com
2. DATA COLLECTED BY US
2.1. Account Registration Data
 
2.1.1. We collect identification data, including your full name, nationality, country of origin, date of birth.
 
2.1.2. Your account credentials, consisting of your email address, and the encrypted password.
 
2.2. Usage and Technical Data
 
2.2.1. We automatically record your IP address, device identifiers, browser type, operating system, and mobile network information whenever you use the App. 
 
2.2.2. We also collect information about your App usage, such as pages viewed, session duration, and interactions within public forums and private chats. 
 
2.2.3. We use cookies and similar tracking technologies to remember your preferences and analyze App performance.
 
2.3. User-Generated Content
 
2.3.1. Any text, images, or files you upload to public forums or private chat messages are processed and stored to enable Platform functionality.
3. LEGAL BASIS FOR DATA PROCESSING
3.1 We rely upon the following provisions under the GDPR to process your data:
 
3.1.1. Performance of a Contract (Article 6(1)(b) GDPR) - We process your registration and account data to provide you with access to the App and to perform our contractual obligations.
 
3.1.2. Legitimate Interests (Article 6(1)(f) GDPR) - We process your data to maintain the security and integrity of the App, prevent fraud, and improve our services.
3.1.3. Legal Obligations (Article 6(1)(c) GDPR) - We process your data as necessary to comply with applicable laws, regulations, and legal processes.
 
3.1.4. Consent (Article 6(1)(a) GDPR) - We process your data for certain optional activities, such as marketing communications or non-essential cookies etc., based on your explicit consent, which you may withdraw at any time.
4. PURPOSES OF DATA PROCESSING
4.1. We process the personal data we collect for the following purposes:
 
4.1.1. To create and manage your User account, authenticate your identity, and provide you secure access to the App.
 
4.1.2. To deliver the core functionalities of public forums and private chats, including storing and retrieving your content.
 
4.1.3. To communicate with you about account updates, changes to the App, and support inquiries.
 
4.1.4. To monitor usage patterns and detect or prevent security incidents, unauthorized access, and other fraudulent activities.
 
4.1.5. To evaluate and improve the App’s performance, usability, and features by analyzing aggregated and pseudonymized usage data.
 
4.1.6. To comply with our legal obligations under German and EU laws and to respond to lawful requests by public authorities.
 
4.1.7. To send newsletters, promotional offers, and other marketing communications, with your explicit consent.
5. DATA SHARING AND DISCLOSURE
5.1. We do not sell or rent your personal data to third-parties. We may share your data in the following limited circumstances:
 
5.1.1. Within the Company, including AuPair, for administrative, technical support, and compliance purposes. Such sharing is governed by our internal data-processing agreements and occurs only on a need-to-know basis.
 
5.1.2. With our trusted service providers, such as hosting, analytics, email delivery, and customer-support vendors, who process data on our behalf under GDPR-compliant contracts and only in accordance with our instructions.
 
5.1.3. When required by law, regulation, or court order, or in response to lawful requests by governmental authorities.
 
5.1.4. In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations and data‐protection safeguards.
 
5.1.5. To protect the rights, property, or safety of our users or others, including enforcing our Terms and Conditions and responding to security or technical issues.
6. CROSS-BORDER TRANSFERS
6.1. Our primary data storage and processing operations occur within the European Economic Area (EEA). However, some of our service providers, cloud infrastructure partners, and processors may operate in the United States, Canada, or other non-EEA countries.
 
6.2. If we transfer your personal data outside the EEA, we implement appropriate safeguards to ensure adequate protection, including reliance on the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to jurisdictions that have received an EU adequacy decision. 
 
6.3. When you communicate via forums or private chat with users located outside the EEA, your shared content may be stored or accessible in those Users’ jurisdictions, and could become subject to the local laws and regulations of those countries.By participating in cross-border communications, you acknowledge that your data may be processed outside your home jurisdiction and consent to such transfers in accordance with this Privacy Policy.
 
6.4. We regularly review our international transfer mechanisms to ensure continued compliance with evolving data protection requirements and maintain appropriate contractual protections with all third-party processors handling your personal data.
7. DATA RETENTION
7.1. We retain your personal data only for as long as necessary:
 
7.1.1. To fulfill the purposes outlined in this Policy,
 
7.1.2. To comply with our legal obligations, including commercial and tax-law retention periods under German law,
 
7.1.3. To resolve disputes, and 
 
7.1.4. To enforce our agreements. 
 
7.2. Where permitted by law, personal data relating to closed accounts will be erased within thirty (30) days following account closure, unless we are required to retain specific records for regulatory, legal, or security purposes, like those pursuant to the German Commercial Code (HGB) or Tax Code (AO).
8. YOUR DATA PROTECTION RIGHTS
8.1. Under the GDPR and the BDSG, and applicable privacy laws in the United States and Canada, you have the following rights regarding your personal data:
 
8.1.1. Right of Access - You may request a copy of the personal data we hold about you.
 
8.1.2. Right to Rectification - You may ask us to correct inaccurate or incomplete data.
 
8.1.3. Right to Erasure - You may request deletion of your personal data (“right to be forgotten”) when there is no overriding legal reason to retain it.
 
8.1.4. Right to Restrict Processing - You may request that we limit the processing of your data under certain circumstances.
 
8.1.5. Right to Data Portability - You may request to receive your data in a structured, commonly used, and machine‐readable format.
 
8.1.6. Right to Object - You may object to the processing of your data based on legitimate interests, including profiling.
 
8.1.7. Right to Withdraw Consent - You may withdraw any consent you have given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
 
8.1.8. Right to Lodge a Complaint - You have the right to lodge a complaint with a supervisory authority, such as the Data Protection Authority (DPA), if you believe our processing of your data violates applicable law.
 
8.1.9. Additional Rights for US and Canadian Users - If you are a resident of California or another U.S. state with applicable privacy laws, or a resident of Canada, you may have additional rights, including the right to request that we do not sell or share your personal information for targeted advertising purposes, and the right to opt out of such activities. We do not sell personal data, but if you wish to exercise any applicable rights under CCPA, CPRA, or PIPEDA, you may submit a request via info@heyaupairs.com.

8.2. To exercise any of these rights, please contact us via info@heyaupairs.com.
9. SECURITY MEASURES
9.1. We implement appropriate technical and organizational measures, including such as encryption, access controls, secure data centers, and regular security audits, to protect your personal data against unauthorized access, alteration, disclosure, or destruction. 
 
9.2. However, please note that no Internet transmission or electronic storage is completely secure.
10. CHILDREN’S PRIVACY
10.1. Our App is intended for use by individuals aged eighteen (18) years or older. 
 
10.2. We do not knowingly collect or process personal data from children under thirteen (13) years of age. 
 
10.3. In compliance with the U.S. Children's Online Privacy Protection Act (COPPA), the GDPR, and other applicable international privacy laws, we have implemented measures to prevent the collection of personal information from minors. 
 
10.4. If we become aware that we have inadvertently collected personal data from a child under thirteen (13) years of age without verified parental consent, we will take immediate steps to delete such information from our systems and records.
 
10.5. If you are a parent or legal guardian and believe that your child has provided us with personal information, please contact us immediately at info@heyaupairs.com so that we can take appropriate action. We will work promptly to investigate and remove any such data in accordance with our legal obligations.
11. COOKIES AND TRACKING
11.1. We use cookies, web beacons, pixels, and similar technologies to enable core functionality, authenticate users, remember preferences, and analyze usage. These technologies help us understand how users interact with the App and allow us to improve performance and features.
 
11.2. Types of Cookies
 
11.2.1. Essential Cookies -  Required for the App to function properly and enable critical features such as account login, security, and session management. These cookies cannot be disabled, as doing so would prevent the App from operating correctly.
 
11.2.2. Non-Essential Cookies - These cookies, including analytics and preference cookies, are used to track usage behavior and optimize the App experience. You may manage your preferences regarding non-essential cookies through the in-app privacy settings or by adjusting your browser or device settings.
 
11.3. You may manage your cookie preferences through the settings in the App or by adjusting your browser settings. Please note that disabling non-essential cookies will not affect core functionality, but may limit certain personalization features or analytics capabilities.
 
11.4. Essential cookies are required for the App to function, and cannot be disabled.
 
11.5. For California residents and other U.S. users, you may have additional rights to opt out of certain tracking activities. Please refer to your applicable state privacy law rights as described in this Policy.
 
11.6. By continuing to use the App after adjusting your cookie preferences, you acknowledge that essential cookies will remain active and necessary for the App's operation.
12. THIRD-PARTY LINKS
12.1. The App may contain links to other third-party websites or services. This Policy does not apply to those external sites. 
 
12.2. We encourage you to review the respective privacy policies of any sites you visit.
13. POLICY CHANGES
13.1. We may revise this Policy from time to time to reflect changes in our practices or legal requirements. 
 
13.2. We will notify you of material changes via the App or by email, and we will update the “Last Updated” date. 
 
13.3. Your continued use of the App after such updates constitutes acceptance of the revised Policy.
14. ADDITIONAL RIGHTS FOR US AND CANADIAN RESIDENTS
14.1. US Residents - If you are a resident of California or another U.S. state with applicable consumer privacy laws, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
 
14.1.1. Right to Know - You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting or selling the information, and the categories of third parties with whom we share personal information.
 
14.1.2. Right to Delete - You have the right to request deletion of your personal information, subject to certain exceptions such as legal compliance obligations or the establishment, exercise, or defense of legal claims.
 
14.1.3. Right to Correct - You have the right to request correction of inaccurate personal information that we maintain about you.
 
14.1.4. Right to Opt Out - You have the right to opt out of the "sale" or "sharing" of personal information as those terms are defined under CCPA and CPRA. We do not sell or share personal information for monetary consideration or for cross-context behavioral advertising purposes.
14.1.5. Right to Non-Discrimination - We will not discriminate against you for exercising any of your privacy rights under applicable law.
 
14.2. Canadian Residents - If you are a resident of Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. You have the right to:
 
14.2.1. Access Your Information - Request access to your personal information that we hold and information about how it has been used and disclosed.
 
14.2.2. Correct Your Information - Request correction of any inaccurate or incomplete personal information.
 
14.2.3. Withdraw Consent - Withdraw your consent to the processing of your personal information at any time, subject to legal or contractual restrictions.
 
14.2.4. Challenge Compliance - File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights under PIPEDA.
 
14.3. To exercise any of the above rights, please contact us at [Insert relevant authority’s Email]. We will respond to your request within the timeframes required by applicable law, typically within forty-five (45) days for CCPA/CPRA requests, and thirty (30) days for PIPEDA requests. You may be required to verify your identity before we process your request to protect your privacy and security.
 
14.4. We do not sell personal information as defined under CCPA, CPRA, or any other applicable privacy law, nor do we engage in the sale or sharing of personal data for monetary or other valuable consideration.
15. GOVERNING LAW
15.1. This Policy is governed by and construed in accordance with the laws of the Federal Republic of Germany, consistent with our Terms and Conditions. The interpretation, validity, and enforcement of this Policy shall be subject exclusively to German law, without regard to its conflict of law principles.
 
15.2. Any disputes, claims, or controversies arising out of or relating to this Policy, our data processing practices, or your privacy rights shall be subject to the exclusive jurisdiction of the competent courts located in Cologne, Germany. By using the App and providing your personal data, you expressly consent to the personal jurisdiction and venue of these courts and waive any objection based on inconvenient forum or lack of jurisdiction.
 
15.3. If you are a resident of a jurisdiction outside Germany, you acknowledge that your personal data will be governed by German law and that any legal proceedings regarding privacy matters will be conducted in German courts, in accordance with German procedural and substantive law.
 
15.4. Nothing in this clause shall prevent you from filing a complaint with a data protection supervisory authority in your country of residence or habitual abode, or the relevant data protection authority in your jurisdiction.
16. CONTACT US
16.1. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
 
16.1.1. Authority - MultiKultur e.K.
 
16.1.2. Address - MultiKultur e.K. Helmholtzstrasse 50, 50825 Cologne,      Germany
 
16.1.3. Emailinfo@heyaupairs.com
 
16.2 Our team will respond to your inquiries promptly and in accordance with the applicable law.