1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are using our application (hereinafter "app"). In the following we inform you about the handling of your personal data when using our app. Personal data is all data with which you can be personally identified.
1.2 Responsible for data processing regarding this app within the meaning of the General Data Protection Regulation (GDPR) is Cosmin Anghel, 8706 Meilen, Switzerland, email: firstname.lastname@example.org. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
2) Log files when using our mobile app
If you download our mobile app via an app store, the required information will be transmitted to the app store, i.e. in particular user name, email address and customer number of your account, time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.
When using our mobile app, we collect the personal data described below to enable convenient use of the function. If you want to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request
- Access status/ http status code
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Language and version of the browser software
- Operating system used and its interface
- IP address used (if necessary: in anonymous form)
The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our app. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the aforementioned log files if there are concrete indications of illegal use.
We also need your unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), any MAC address for WLAN use and the name of your mobile device.
3) Hosting & Content-Delivery-Network
Firebase Cloud Storage
We use the web hosting service "Firebase Cloud Storage" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the purpose of hosting and displaying the app content on the basis of processing in our mission. All data collected on our website is processed on the Google servers. As part of the aforementioned services, data can also be processed on behalf of Google LLC servers as part of further processing in the USA. We have concluded an order processing contract with Google for the use of Firebase, which obliges Google to protect the data of our site visitors and not to pass it on to third parties.
For the transmission of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
For more information about Google's data protection in relation to Firebase, visit the following website: https://firebase.google.com/support/privacy
Further processing on servers other than the aforementioned instances only takes place within the scope communicated below.
In order to make our app attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the app is closed (so-called session cookies). Other cookies remain on your end device and enable us to recognize you (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie.
In some cases, cookies are used to simplify the operation of the app by saving settings. If individual cookies used by us also process personal data, the processing takes place in accordance with Article 6 (1) (b) GDPR for the execution of the contract, in accordance with Article 6 (1) (a) GDPR if consent has been given or in accordance with Article 6 paragraph 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the app and a customer-friendly and effective design of the use of the app.
You can configure the settings of your mobile operating system and the app according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that in this case you may no longer be able to use all the functions of our mobile app.
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted once your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.
6) Data processing for contract processing
6.1 For the processing of contracts concluded via the app, we work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institute as part of the payment process, provided this is necessary for the payment process. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Article 6 (1) (b) GDPR.
6.2 - RevenueCat
In the case of in-app payments, payment is made via RevenueCat Inc., 300 Euclid Avenue San Francisco, CA 94118, USA. to whom we pass on the information you provided during the ordering process together with the information about your order. Your data will be passed on in accordance with Article 6 Paragraph 1 Letter b GDPR exclusively for the purpose of payment processing and only to the extent that it is necessary for this. We have concluded an order processing contract with RevenueCat Inc., with which we oblige the provider to protect the data of the app users and not to pass it on to third parties.
Further information on data protection by RevenueCat can be found here: https://www.revenuecat.com/privacy
7) Registration in the app
You can register in our app by providing personal data. Which personal data is processed for the registration results from the input mask used for the registration. Providing the above data is mandatory. You can provide all other information voluntarily by using our portal.
If you use our app, we store your data required to fulfill the contract, including any information on the method of payment, until you finally delete your access. Furthermore, we store the data you provide voluntarily for the duration of your use of the portal, unless you delete them beforehand. You can manage and change all information in the protected customer area. The legal basis is Article 6 (1) (f) GDPR.
In addition, we store all content you have published (such as public posts, wall entries, guest book entries, etc.) in order to operate the app. We have a legitimate interest in providing the app with full user-generated content. The legal basis for this is Article 6 (1) (f) GDPR. If you delete your account, your comments published in the forum in particular will remain visible to all readers, but your account will no longer be accessible. All other data will be deleted in this case.
8) Sending push notifications
You can sign up to receive our push notifications. You will regularly receive information about the services we offer via our push notifications.
To register, you must confirm receipt of notifications or allow them in the settings of your operating system. This process is documented and saved. This includes storing the time of registration and your device identification. The collection of this data is necessary on the one hand so that we can display the push notifications and on the other hand can understand the processes in the event of misuse and therefore serves our legal protection. This data is processed on the basis of Article 6 (1) (a) GDPR.
You can revoke your consent to the storage and use of your personal data to receive our push notifications and the statistical survey described above at any time with effect for the future.
For the purpose of revoking your consent, you can unsubscribe from the setting provided for this purpose to receive push notifications in your app settings in your operating system.
Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Your data will therefore be stored for as long as the subscription to our push notifications is active.
9) Tools and Miscellaneous
To create anonymous crash reports, we use "Firebase Crashlytics", a service provided by Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland, to improve the stability and reliability of our app.
If the app crashes, anonymous information will only be transmitted to the Google servers on the basis of your express consent in accordance with Article 6(1)(a) GDPR (app status at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the mobile phone, last log messages). Also transfers to Google LLC. In the US are possible. This information does not contain any personal data.
When using an iOS-based device, you can give consent in the app settings or after a crash.
You can withdraw your consent at any time by disabling the "Crash Reporting" feature in the app's settings on iOS.
10) Rights of the data subject
10.1 The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the person responsible for the processing of your personal data, about which we will inform you below:
- Right to information in accordance with Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or will be disclosed, planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed which guarantees pursuant to Art. 46 GDPR when your data is forwarded to third countries exist;
- Right to rectification in accordance with Art. 16 GDPR: You have the right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
- Right to deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being checked, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
- Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically feasible;
- Right to revoke granted consent in accordance with Art. 7 Para. 3 DSGVO: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation;
- Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, work or where the alleged infringement took place.
10.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS RESULTING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.
11) Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if relevant - also based on the respective statutory retention period (e.g. commercial and tax retention periods).
If personal data is processed on the basis of an express consent in accordance with Article 6 Paragraph 1 lit. a GDPR, this data will be stored until the data subject revokes his consent.
If there are statutory retention periods for data that are processed as part of legal or similar obligations on the basis of Article 6 (1) (b) GDPR, this data will be routinely deleted after the retention period has expired, provided that it is no longer required to fulfill or initiate a contract and/or we have no legitimate interest in further storage.
When personal data is processed on the basis of Article 6 (1) (f) GDPR, this data is stored until the data subject exercises his or her right to object in accordance with Article 21 (1) GDPR, unless we have compelling reasons worthy of protection for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection under Article 21 Paragraph 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.