Privacy Policy – MemeLicensing

PRIVACY POLICY

memelicensing.com

Effective date: 28 April 2026

1. Controller

The controller responsible for data processing on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

Artnerra UG (haftungsbeschränkt)

Alois-Wagner-Strasse 14

87466 Oy-Mittelberg, Germany

Handelsregister: HRB 16755

Registergericht: Amtsgericht Kempten (Allgäu)

Represented by: Paul Jung and Luca Mundi

Phone: +49 152 09119482 / +49 159 04319470

Email: office@memelicensing.com

Unless stated otherwise, “Artnerra UG (haftungsbeschränkt)”, “we,” or “us” refers to the controller named above.

2. General Information on Data Processing

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit or use our website and services. It applies to all pages of this website, including the shop, checkout, contact form, and user account areas.

We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

Personal data is only processed to the extent necessary for the respective purpose. We do not sell personal data to third parties.

We do not use automated decision-making within the meaning of Art. 22 GDPR. We do not make decisions with legal or similarly significant effects based solely on automated processing.

3. Website Hosting and Technical Operation

Our website is hosted by third-party infrastructure providers. We use professional hosting, content delivery, and security services to ensure the availability, performance, and protection of our website. When you access our website, your browser automatically transmits certain technical data to the web server. This may include:

IP address of the requesting device
Date and time of the request
Requested URL and referrer URL
Browser type, version, and operating system
HTTP status code and volume of data transferred

This data is processed to deliver the website content, ensure the security and stability of the systems, and for technical error diagnosis. Server log data is typically deleted automatically after a limited period, unless longer retention is required for security investigation purposes.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and functional website operation).

4. Contacting Us

Our website provides a contact form (powered by the Elementor Pro form widget) through which you can send us inquiries. When you submit the form, we process the following data that you provide:

Name
Email address (required)
Inquiry type, selected from a predefined list of categories such as commercial use, license questions, subscription access, agency or enterprise inquiries, merchandise rights, creator submissions, or general questions
Your message

In addition, the form system automatically includes certain technical metadata alongside your submission. The notification email we receive contains:

Date and time of submission
Page URL from which the form was submitted
User agent (browser and device information)
Remote IP address

This metadata is generated by the Elementor Pro form processing system and is included in the internal notification email. We do not separately collect this metadata; it is a technical by-product of the form submission and email delivery process.

Submitted form data may also be stored in the WordPress/Elementor backend as part of the Elementor Submissions feature, where it is accessible only to authorised administrators.

Contact form notification emails are delivered to our business mailbox hosted on Microsoft 365 / Outlook.

Appointment Booking via Calendly

We may provide a link to an external Calendly booking page that allows you to schedule a call with us. If you use this booking option, you will be redirected to Calendly, a scheduling service provided by Calendly, LLC. The booking process takes place on Calendly’s website and is not embedded directly into our website.

When you book a call, Calendly may process the information you provide during the booking process, such as your name, email address, selected time slot, company or brand information, and any message or answers submitted through the booking form. We use this information to schedule and conduct the requested call and to respond to your inquiry.

Calendly may also process technical data and use cookies or similar technologies on its own website or booking page. These activities are governed by Calendly’s own privacy and cookie notices. Because the booking page is externally hosted by Calendly and is not embedded directly into our website, Calendly cookies are not set through our website before you click the booking link.

Calendly’s privacy notice: https://calendly.com/privacy

Legal basis:

For licensing, sales, creator, or agency inquiries: Art. 6(1)(b) GDPR (pre-contractual measures at your request)
For general inquiries: Art. 6(1)(f) GDPR (legitimate interest in responding to incoming communications)

Inquiry data is retained until the matter is resolved. Where correspondence relates to a contractual relationship, it may be retained longer in accordance with commercial and tax retention obligations.

5. Account Registration and Login

You may create a user account on our website to manage orders, licenses, and downloads. When you register, we process:

Email address
Password (stored in hashed form only)
Name (if provided)

Your account data is processed to provide you with access to your orders, licenses, and account settings.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures). Account data is retained for the duration of the contractual relationship and thereafter in accordance with applicable retention obligations (see Section 14).

6. Orders and Checkout

When you place an order through our WooCommerce-based checkout, we collect and process the following data to fulfil your order and deliver your license:

First name, last name
Billing address (street, city, state/province, postcode, country)
Email address
Phone number (optional)
Order details (selected product, license type, license configuration, selected add-ons, manually entered license-related information, and price)
Order notes (optional)

Legal basis: Art. 6(1)(b) GDPR (performance of the license agreement). We retain order and billing data for the duration required by German commercial and tax law (typically 6 years under § 257 HGB, up to 10 years under § 147 AO).

7. Declared Social Media, Advertising and License Configuration Data

As part of the checkout and license configuration process, you may be asked to declare the social media accounts, platforms, advertising accounts, campaign details, or related destination pages on which you intend to use the licensed content. This information is submitted as part of the order and may include, depending on the selected license type:

Selected license type and license configuration
Platform information selected from predefined options or manually entered by you, including platforms such as Instagram, TikTok, X / Twitter, Facebook, LinkedIn, YouTube, Meta Ads, Google Ads, or comparable social media or advertising platforms
Social media account handles, profile URLs, page links, or other account identifiers
Advertising platform information selected from predefined options or manually entered by you
Ad account information, campaign account identifiers, business account information, or related advertising profile details, where relevant for paid advertising use
Campaign destination pages, landing pages, external website URLs, or other campaign-related links, where the meme is used as part of a licensed paid campaign
Confirmation that the declared accounts, platforms, ad accounts, and campaign uses relate to the same licensed brand

The information requested depends on the selected license type. For an Organic Post License, the same licensed post may be declared for use across up to 3 social media platforms of the same brand. For a Paid Ads License, the licensed use is limited to one meme, one advertising platform, and one ad account. For a Subscription, one brand may use catalog memes across its own social media platforms and accounts for organic posting during an active subscription. If the paid advertising add-on is activated, the same brand may also use subscription memes in paid campaigns across supported advertising platforms and ad accounts connected to that same brand.

We do not ask for login credentials, passwords, or direct access to your social media or advertising accounts.

We collect this data for the following purposes:

Allocation of the license to the authorised brand, accounts, platforms, ad accounts, and campaign uses
Verification that licensed content is used within the purchased license scope
Enforcement of license terms, including prevention of use outside the licensed brand scope, such as use by additional brands, sub-brands, product-line brands, agency clients, independently positioned divisions or business lines, undeclared accounts, unauthorised platforms, or unauthorised ad accounts
Documentation and compliance monitoring
Support in case of disputes, takedown requests, licensing questions, or rights-holder inquiries

Declared account, platform, ad account, and campaign information is order data, not cookie data. It is stored alongside the order record in our shop system.

Legal basis: Art. 6(1)(b) GDPR (performance of the license agreement). Additionally, Art. 6(1)(f) GDPR (legitimate interest) applies for documentation, abuse prevention, compliance monitoring, dispute handling, and enforcement of licensing restrictions.

Declared account, platform, ad account, and campaign data is retained for the duration of the license and thereafter as long as required for the assertion, exercise, or defence of legal claims or statutory retention obligations.

8. Payment Processing

Payments on our website are processed by Stripe, Inc. (and its affiliates). When you complete a purchase, your payment data is transmitted to and processed by Stripe to execute the transaction and for fraud prevention purposes. The payment methods currently available through Stripe include credit/debit card, Apple Pay, and Google Pay. PayPal is also offered as a payment option.

Stripe may process:

Payment card details (card number, expiry date, CVC)
Billing address
Transaction amount and metadata
Device and browser information for fraud detection

We do not store full payment card details on our servers. Payment processing is handled by Stripe using industry-standard security measures (PCI DSS compliance).

Stripe is checkout-essential: its scripts and technologies on the checkout page are required for the payment service you have requested and remain active regardless of your cookie consent preferences. Stripe may use cookies or similar technologies on the checkout page for payment functionality and fraud prevention. These are classified as strictly necessary under TDDDG § 25(2) no. 2.

When you choose PayPal as your payment method, you will be redirected to PayPal to complete the transaction. PayPal processes your payment data in accordance with its own privacy policy.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract). For fraud prevention measures: Art. 6(1)(f) GDPR (legitimate interest of both parties in secure payment processing).

Stripe’s privacy policy: https://stripe.com/privacy

PayPal’s privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies (such as browser session storage). A detailed overview of the specific cookies and technologies used, their purposes, categories, and durations is provided in our separate Cookie Policy.

In summary:

Strictly necessary cookies and technologies (such as shopping cart, checkout, login, payment processing, and consent management) are always active. They do not require consent under TDDDG § 25(2) no. 2.
Non-essential cookies and technologies (specifically: WooCommerce Order Attribution and Sourcebuster analytics/attribution cookies) are blocked by CookieYes and only activated after you choose “Accept all” in the cookie banner.

For full details, please refer to our Cookie Policy.

10. Analytics and Attribution

Our website uses WooCommerce Order Attribution, which relies on Sourcebuster (sourcebuster.js), to understand how visitors reach our website and to analyse the effectiveness of traffic sources. When activated with your consent, these tools may collect:

Traffic source and referrer information
UTM parameters (campaign, source, medium, content, term)
Session data (entry page, session start)
User agent information

This data is stored temporarily in browser cookies. The attribution data is only read and stored as order metadata if and when a purchase is completed during the session. This feature is not used for cross-session profiling, remarketing, or advertising.

These technologies are blocked by CookieYes and do not load unless you choose “Accept all” in the cookie banner. If you choose “Only necessary,” these scripts do not run and no attribution cookies are set.

Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with TDDDG § 25(1). You may withdraw or change your consent at any time by reopening the cookie consent settings, for example through the Cookie Settings link in the website footer or the consent preferences icon available on the website. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

11. External Fonts (Google Fonts)

This website loads fonts from the Google Fonts service, operated by Google LLC (or Google Ireland Limited for users in the EEA). The fonts currently used include Bebas Neue, Playfair Display, and DM Sans. Additional fonts (such as Syne) may be loaded on specific pages.

When your browser requests a font file from Google’s servers, the following technical data may be transmitted to Google:

Your IP address
The URL of the page you are visiting (referrer)
Browser and device information (User-Agent header)

According to Google, the Google Fonts API does not set or log cookies, and Google states that it does not use the data received through font requests to create user profiles or for advertising purposes.

Google Fonts is a font delivery service, not a cookie-based technology. It is therefore addressed in this Privacy Policy rather than in the Cookie Policy.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent and functional typography across the website).

Google Fonts privacy information: https://developers.google.com/fonts/faq/privacy

12. Recipients and Processors

In the course of our business operations, we may share personal data with the following categories of recipients, to the extent necessary for the purposes described in this Privacy Policy:

Hosting and infrastructure providers: Our website is operated using professional hosting, content delivery, and security infrastructure. Data is processed on our behalf to ensure website availability and security.
Payment service providers: Stripe, Inc. processes payment data as described in Section 8. PayPal processes payment data when selected as the payment method.
Email and mailbox provider: Contact form notifications and business correspondence are handled through Microsoft 365 / Outlook, provided by Microsoft Corporation.
Appointment scheduling provider: Calendly, LLC provides the external appointment booking page used when you choose to schedule a call with us. Calendly processes the information submitted through the booking form in order to provide scheduling functionality and may also process certain data under its own privacy notice.
Font delivery: Google LLC provides font files as described in Section 11. Google receives request-level technical data when fonts are loaded.
Cookie consent management: CookieYes provides the consent management solution used on this website to manage cookie preferences and record consent.

We do not sell personal data. We only share data with third parties where this is necessary for the purposes stated above, where we are legally obliged to do so, or where you have given your consent.

Where third parties process data on our behalf (processors), we have concluded data processing agreements in accordance with Art. 28 GDPR.

13. International Data Transfers

Some of the third-party services we use are operated by companies based outside the European Economic Area (EEA), in particular in the United States. Where personal data is transferred to third countries, we ensure that appropriate safeguards are in place:

Stripe: Stripe, Inc. is certified under the EU-U.S. Data Privacy Framework (DPF). Stripe additionally offers a Data Processing Agreement that includes Standard Contractual Clauses (SCCs) as a supplementary safeguard.

Google (Google Fonts): Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF). The data transmitted through font requests is limited to request-level technical information (IP address, URL, headers).

Microsoft (Microsoft 365 / Outlook): Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework (DPF). Microsoft also provides Standard Contractual Clauses (SCCs) and processes EU data in accordance with its data processing agreements.

PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A. is the responsible PayPal entity for European users. Where data is transferred to PayPal, Inc. in the United States, PayPal relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.

Calendly: Calendly, LLC is based in the United States and provides the external appointment scheduling service used when you book a call with us. Calendly relies on appropriate safeguards for international data transfers, including the EU-U.S. Data Privacy Framework and, where applicable, Standard Contractual Clauses.

We regularly review our third-party service providers and their compliance with applicable data transfer requirements.

14. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, or as required by law:

Server log data: Limited period (typically days to weeks), unless extended for security investigations
Contact form inquiries: Until the matter is resolved; longer if contractually relevant
Calendly booking data: Retained until the appointment or related inquiry has been handled; longer where the booking relates to a contractual, pre-contractual, legal, or business relationship. Calendly may retain data according to its own retention policies.
Account data: Duration of the account and contractual relationship
Order and billing data: 6 years (§ 257 HGB) to 10 years (§ 147 AO)
Declared account, platform, advertising account, campaign, and license configuration data: Duration of the license; thereafter as required for the assertion, exercise, or defence of legal claims or statutory retention obligations
Payment data: Retained by Stripe and PayPal in accordance with their respective retention policies; transaction records retained per commercial and tax law
Analytics/attribution data: Session-based cookies; attribution data is associated with orders only if a purchase is completed during the session

After the applicable retention period expires, data is deleted or anonymised unless further retention is required.

15. Requirement to Provide Data

Providing certain personal data is necessary to use our website services, create an account, place an order, receive a license, configure the licensed use, process payment, or contact us. If you do not provide the required order, billing, payment, account, or license configuration data, we may not be able to process your order, deliver the license, verify the licensed use, or provide the requested service.

Providing contact form or Calendly booking information is voluntary, but necessary if you want us to respond to your inquiry or schedule a call with you.

Consent-based cookies and analytics/attribution technologies are voluntary. If you choose “Only necessary,” you can still use the website and checkout, but non-essential analytics and attribution technologies will not be activated.

16. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

Right of access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and, if so, a copy of that data.
Right to rectification (Art. 16 GDPR): You may request correction of inaccurate personal data.
Right to erasure (Art. 17 GDPR): You may request deletion of your personal data, subject to applicable legal retention obligations.
Right to restriction of processing (Art. 18 GDPR): You may request that we restrict the processing of your data under certain conditions.
Right to data portability (Art. 20 GDPR): You may request to receive your personal data in a structured, commonly used, machine-readable format.
Right to object (Art. 21 GDPR): You may object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds.
Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at office@memelicensing.com.

17. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR (Art. 77 GDPR).

The competent supervisory authority for our company is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach, Germany

https://www.lda.bayern.de

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or technical setup. The effective date at the top of this policy indicates when the last update was made. We encourage you to review this page periodically.

19. Contact

If you have questions about this Privacy Policy or about how we process your personal data, please contact us: