Privacy Policy

1. Introduction

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter „data“) in connection with the provision of our services and our online offering, including associated websites, features, and content, as well as external online presences (e.g., our social media profiles). The definitions of terms such as “processing” or “controller” are based on Article 4 of the EU General Data Protection Regulation (GDPR).

This policy is aligned with the following international data protection laws:

  • EU General Data Protection Regulation (GDPR)
  • UK General Data Protection Regulation (UK GDPR)
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
  • Brazil’s Lei Geral de Proteção de Dados (LGPD)
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

Where multiple regulations may apply, the one offering the highest level of protection will prevail.

2. Controller Information

aign.global – a member of
Travel+Feel magazine publishing e.K.
Patrick Upmann
Lerchenstraße 6b
85630 Neukeferloh, Germany


Email: message@now.digital
Legal Notice (Imprint): aign.global/impressum

3. Categories of Data Processed

  • Content data (e.g., text entries, photographs, videos)
  • Usage data (e.g., websites visited, interests, access times)
  • Meta and communication data (e.g., IP addresses, device data)

4. Categories of Data Subjects

Visitors and users of our website and digital services (“users”).

5. Purpose of Processing

  • Provision of the online offering and its functionalities
  • Responding to contact requests and user communication
  • IT security and prevention of misuse
  • Reach measurement, analysis, and marketing
  • Contract fulfillment and business communication
  • Affiliate tracking and integration of partner programs
  • Compliance with legal obligations

We process data under the following legal bases:

  • Consent (Art. 6(1)(a) GDPR / CCPA §1798.120 / LGPD Art. 7 / PIPEDA Principle 3)
  • Contractual necessity (Art. 6(1)(b) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR)
  • Vital interests (Art. 6(1)(d) GDPR)
  • Public interest / authority task (Art. 6(1)(e) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR)
  • Additional bases under international laws (e.g. LGPD Art. 7, CCPA/CPRA)

We only process special categories of personal data in accordance with Art. 9(2) GDPR or comparable international laws.

7. Security Measures

We implement appropriate technical and organizational security measures (TOMs) to protect personal data in accordance with Art. 32 GDPR and equivalent provisions. This includes access control, encryption, privacy by design/default, incident response plans, and employee confidentiality agreements.

8. Cooperation with Processors and Third Parties

We disclose data to third parties only:

  • Based on consent
  • For performance of a contract
  • To comply with legal obligations
  • Based on our legitimate interests (e.g., hosting, analytics)
  • Under data processing agreements per Art. 28 GDPR

9. International Data Transfers

Data transfers to third countries (outside the EU/EEA/Switzerland) occur only if:

  • A recognized level of data protection exists (e.g., EU-U.S. Data Privacy Framework)
  • Standard Contractual Clauses (SCCs) are in place
  • Explicit consent is given
  • Another lawful basis applies

All transfers comply with Art. 44–49 GDPR and comparable international regulations.

10. Rights of the Data Subject

You may exercise the following rights:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure („right to be forgotten“) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a data protection authority

For California residents, additional rights under the CCPA/CPRA apply, such as:

  • The right to know what personal data we collect
  • The right to request deletion
  • The right to opt out of data sales/sharing
  • The right not to be discriminated against for exercising your rights

To exercise any rights, contact us at upmann@now.digital. Identity verification may be required.

11. Cookies & Tracking

We use cookies and similar technologies for technical, analytical, and marketing purposes.

You can control cookies using:

Full cookie list: now.digital/datenschutz-cookie-liste

12. Third-Party Services

We use the following service providers and platforms (with appropriate data protection safeguards):

  • Google Services: Analytics, Tag Manager, AdSense, AdWords, DoubleClick, ReCaptcha, Maps
  • LinkedInYouTubeTwitterPinterestXing
  • Hosting ProvidersEmail ServicesCDNs (e.g., Automattic, Vimeo, Typekit)

Each third-party service has its own privacy policy and opt-out mechanisms. We only integrate services with valid transfer mechanisms (e.g., SCCs, DPF certification).

We also process customer and business partner data for:

  • Contract initiation and performance
  • Customer service and invoicing
  • Market research and business analytics
  • Legal retention periods and accountability

14. Social Media and Online Profiles

We maintain social media presences on platforms such as Facebook, Instagram, LinkedIn, Twitter, YouTube, and others.
Data processing is subject to the terms and privacy policies of the respective platforms. Users are advised to exercise their rights directly via the platform provider.

15. Data Retention

Personal data is retained only as long as necessary or required by law. Data no longer required will be securely deleted or anonymized in accordance with legal requirements.

16. Changes to This Policy

We reserve the right to update this Privacy Policy in response to legal, technical, or operational changes. Material changes will be announced on our website.

17. Contact

Data Protection Officer
Patrick Upmann
l