Privacy Policy
Preamble
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as “data” for short) that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “Online Offer”).
The terms used are not gender-specific.
Status: September 7, 2023
Table of contents
- Preamble
- Person in charge
- Overview of processing operations
- Relevant legal basis
- Security measures
- Transmission of personal data
- Deletion of data
- Rights of the data subjects
- Use of cookies
- Business services
- Credit assessment
- Provision of the online offer and web hosting
- Special information on applications (apps)
- Purchase of applications via app stores
- Registration, login, and user account
- Contact and inquiry management
- Push messages
- Change and update of privacy policy
Responsible
MANSIO GmbH
Dr. Maik Schürmeyer
Bismarckstraße 2-8, 52066 Aachen, Germany
E-mail address: info@mansio-logistics.com
Applicable legal bases
Relevant legal bases according to the GDPR: The following is an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If, in addition, more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.
- Consent (Art. 6 (1) p. 1 lit. a) GDPR) – The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
- Performance of a contract and pre-contractual requests (Art. 6 (1) p. 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject’s request.
- Legal obligation (Art. 6 (1) p. 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 (1) p. 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – FDPA). In particular, the FDPA contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.
Note on applicability of the GDPR and the Swiss GDPR: This data protection notice serves to provide information in accordance with both the Swiss Federal Data Protection Act (Swiss GDPR) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss DPA, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories of data” used in the GDPR are used. However, the legal meaning of the terms will continue to be determined in accordance with the Swiss DPA within the scope of its application.
Overview of the processing operations
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
- Inventory data.
- Payment data.
- Location data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta, communication and process data.
- Image and/or video recordings.
- Location history and movement profiles.
Categories of data subjects
- Customers.
- Interested parties.
- Communication partners.
- Users.
- Business and contractual partners.
Purposes of processing
- Provision of contractual services and fulfillment of contractual obligations.
- Contact requests and communication.
- Security measures.
- Range measurement.
- Office and organizational procedures.
- Conversion measurement.
- Managing and responding to inquiries.
- Profiles with user-related information.
- Provision of our online services and user experience.
- Assessment of creditworthiness and credit rating.
- Information technology infrastructure.
Automated decisions in individual cases.
- Credit rating information.
Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances, and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
TLS encryption (https): To protect your data transmitted via our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Transmission of personal data
In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons:
Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
The recipients of this data also include, in particular, other participating transport companies including their employees who use the MANSIO software. The data concerned is (a) transport order data, i.e., information about which goods are to be transported by which company from which location to which destination, (b) the data necessary for identification, i.e., the vehicle registration number of the respective train car, the respective trailer identifier(s), and (c) the necessary contact data, i.e., the full name of the respective driver(s) of an order as well as the mobile telephone number for contacting this driver. The legal basis for the processing of the aforementioned data is Art. 6 (1) lit. (b) of the GDPR, as it is necessary for the fulfillment of our contract-related obligations.
Data transfer within the organization: we may transfer personal data to other entities within our organization or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and operational interests or is made where it is necessary for the performance of our contract-related obligations or where there is consent from the data subjects or legal permission.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked, or other permissions cease to apply (e.g., if the purpose of processing this data has ceased to apply, or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person. Within the scope of our data protection notices, we may provide users with further information on the deletion as well as on the retention of data that specifically applies to the respective processing operations.
Rights of the data subjects
Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
- Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
- Right to withdraw consent: You have the right to revoke any consent given at any time.
- Right to information: You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: In accordance with the legal requirements, you have the right to demand that the data concerning you be completed or that the incorrect data concerning you be rectified.
- Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased without delay or, alternatively, to demand restriction of the processing of the data in accordance with the legal requirements.
- Right to data portability: you have the right to receive data relating to you that you have provided to us in a structured, common and machine-readable format, or to request that it be transferred to another controller, in accordance with the law.
- Complaint to supervisory authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you usually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
Use of cookies
Cookies are small text files, or other memory notes, which store information on end devices and read information from the end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the content accessed or functions used of an online offer. Cookies can also be used for various purposes, e.g., for purposes of functionality, security, and convenience of online offers as well as the creation of analyses of visitor flows.
Consent notices: We use cookies in accordance with the law. Therefore, we obtain prior consent from users, except when it is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, are absolutely necessary to provide the telemedia service (i.e., our online offering) expressly requested by users. The strictly necessary cookies usually include cookies with functions related to the display and operability of the online offer, load balancing, security, storage of users’ preferences and choices or similar purposes related to the provision of the main and secondary functions of the online offer requested by the users. The revocable consent will be clearly communicated to the users and will contain the information regarding the respective cookie use.
Notes on legal bases under data protection law: The legal basis under data protection law on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g., in a business operation of our online offer and improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which we process the cookies in the course of this privacy policy or as part of our consent and processing procedures.
Storage duration: In terms of storage duration, the following types of cookies are distinguished:
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g., browser or mobile app).
- Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.
General information on revocation and objection (so-called “opt-out”): Users can revoke the consents they have given at any time and object to processing in accordance with the legal requirements. For this purpose, users can, among other things, restrict the use of cookies in the settings of their browser (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
- Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
Further guidance on processing operations, procedures, and services:
- Processing of Cookie Data Based on Consent: We use a cookie consent management procedure, in the context of which the consent of users to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure can be obtained and managed and revoked by users. Here, the declaration of consent is stored in order not to have to repeat its query and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies), in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers) as well as the browser, system, and end device used; legal basis: consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
Business services
We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g., to answer inquiries.
We process this data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the framework of this data protection declaration.
We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g., in online forms, by means of special marking (e.g., colors) or symbols (e.g., asterisks or similar), or in person.
We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law as well as for commercial books, inventories, opening balances, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting records, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting document was created, furthermore the recording was made, or the other documents were created.
Insofar as we use third-party providers or platforms to provide our services, the terms, and conditions and data protection notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.
- Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., e-mail, telephone numbers); contract data (e.g., subject of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times). Meta, communication and procedural data (e.g., IP addresses, time data, identification numbers, consent status).
- Data subjects: Customers; prospective customers. Business and contractual partners.
- Purposes of processing: providing contractual services and fulfilling contractual obligations; security measures; contact requests and communication; office and organizational procedures; managing and responding to requests; conversion measurement (measuring the effectiveness of marketing activities). Profiles with user-related information (creation of user profiles).
- Legal basis: Contract fulfillment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
Further guidance on processing operations, procedures, and services:
- Customer account: Customers can create an account within our online offer (e.g., customer or user account, “customer account” for short). If registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. In the course of registration and subsequent logins and use of the customer account, we store the IP addresses of the customers together with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the data of the customer account will be deleted after the termination date, unless they are kept for other purposes than the provision of the customer account or must be kept for legal reasons (e.g., internal storage of customer data, order transactions or invoices). It is the responsibility of the customers to secure their data upon termination of the customer account; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
- Economic analyses and market research: For business reasons and in order to be able to identify market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors, and users of our online offering. The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, consider the profiles of registered users together with their details, e.g., on services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e., anonymized values. Furthermore, we consider the privacy of users and process the data for analysis purposes as pseudonymous as possible and, if feasible, anonymously (e.g., as summarized data); legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
- Brokerage and Intermediary Services: We process the data of our customers, clients and prospective customers (uniformly referred to as “customers”) in accordance with the underlying order of the customers. We may also process information about the characteristics and circumstances of individuals or things belonging to them if this is part of the subject of our order. This may be, for example, information on personal circumstances, movable or immovable property and financial situation.
If required for the fulfillment of the contract or required by law or approved by the customer or based on our legitimate interests, we disclose or transmit the data of the customers in the context of coverage requests, conclusions, and the settlement of contracts to providers of the mediated services / objects, insurers, reinsurers, broker pools, technical service providers, other service providers, such as cooperating associations, as well as financial service providers, credit institutions and investment companies, as well as social insurance carriers, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin). E.g., cooperating associations, as well as financial service providers, credit institutions and investment companies, as well as social insurance institutions, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin). Furthermore, subject to other agreements, we may engage subcontractors, such as sub-brokers;
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR). - Technical services: We process the data of our customers and clients (hereinafter uniformly referred to as “Customers”) in order to enable them to select, purchase or commission the selected services or works and related activities as well as their payment and provision or execution or performance.
The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations. Insofar as we obtain access to information of end customers, employees or other persons, we process this in accordance with legal and contractual requirements; - Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR.
Credit assessment
If we make advance payments or enter comparable economic risks (e.g., when ordering on account), we reserve the right to obtain identity and credit information for the purpose of assessing the credit risk based on mathematical-statistical procedures from specialized service providers (credit agencies) to protect our legitimate interests.
We process the information received from the credit agencies on the statistical probability of a payment default within the framework of an appropriate discretionary decision on the establishment, implementation, and termination of the contractual relationship. We reserve the right to refuse payment on account or other advance performance in the event of a negative result of the credit check.
The decision as to whether we make advance payments is made solely based on an automated decision in the individual case, which is made by our software based on the information from the credit agency, in accordance with the legal requirements.
If we obtain express consent from contractual partners, the legal basis for the credit rating information and the transmission of the customer’s data to the credit agencies is the consent. If no consent is obtained, the credit information is provided based on our legitimate interests in the default security of our payment claims.
- Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., e-mail, telephone numbers). Contract data (e.g., subject of contract, term, customer category).
- Data subjects:
- Purposes of processing: assessment of creditworthiness and credit standing.
- Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
- Automated decisions in individual cases: credit information (decision based on a credit check).
Further notes on processing processes, procedures, and services:
- Credit check as a prerequisite for the provision of payment options: The provision of payment options, e.g., payment on account or payment by installments, may be made dependent on the result of the customer’s credit check. In this case, we ask customers to agree to the credit check procedure; legal basis: consent (Art. 6 (1) p. 1 lit. a) GDPR).
Provision of the online service and web hosting
We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or terminal device.
- Types of data processed: Usage data (e.g., web pages visited, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, consent status).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.).). Security measures.
- Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
Further information on processing processes, procedures, and services:
- Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called “web hoster”); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
- Collection of access data and log files: Access to our online offer is logged in the form of so-called “server log files”. The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. Access to our online offer is logged in the form of so-called “server log files”. The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
Special notes on applications (apps)
We process the data of the users of our application insofar as this is necessary to provide the application and its functionalities to the users, to monitor its security and to further develop it. We may also contact users in compliance with legal requirements, provided that the communication is necessary for purposes of administration or use of the application. In all other respects, we refer to the data protection information in this privacy policy regarding the processing of users’ data.
Legal basis: the processing of data required for the provision of the functionalities of the application serves the fulfillment of contractual obligations. This also applies if the provision of the functionalities requires authorization of the users (e.g., releases of device functions). If the processing of data is not necessary for the provision of the functionalities of the application but serves the security of the application or our business interests (e.g., collection of data for purposes of optimizing the application or security purposes), it is based on our legitimate interests. If users are explicitly asked for their consent to the processing of their data, the processing of the data covered by the consent is based on the consent.
- Types of data processed: inventory data (e.g., names, addresses); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); payment data (e.g., bank details, invoices, payment history); contractual data (e.g., subject of contract, term, customer category); image and/or video recordings (e.g., photographs or video recordings of a person); location data (information about the geographic position of a device or a person). Location history and movement profiles (collection of location data and changes in position over a period of time).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: provision of contractual services and fulfillment of contractual obligations.
- Legal grounds: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); contract performance and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
Further notes on processing processes, procedures, and services:
- Commercial use: We process the data of the users of our application, registered and any test users (hereinafter uniformly referred to as “users”) to be able to provide our contractual services to them as well as on the basis of legitimate interests in order to be able to ensure the security of our application and to develop it further. The required information is identified as such in the context of the conclusion of the use, order, purchase order or comparable contract and may include the information required for the provision of services and for any billing, as well as contact information to be able to hold any consultations; legal basis: contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Storage of a Universally Unique Identifier (UUID): The application stores a so-called universally unique identifier (UUID) for the purposes of analyzing the use and functionality of the application, as well as storing the user’s settings. This identifier is generated during the installation of this application (but is not associated with the device, so it is not a device identifier in this sense), remains stored between the launch of the application as well as its updates, and is deleted when users remove the application from their device.
- Device permissions to access functionality and data: The use of our Application or its functionalities may require users to have permissions to access certain functions of the devices used, or the data stored on the devices or accessible using the devices. By default, these permissions must be granted by users and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the users’ device and software. If clarification is needed, users can contact us. We would like to point out that the denial or revocation of the respective permissions may affect the functionality of our app.
- Access to the camera and stored recordings: As part of the use of our application, image and/ or video recordings (which also includes audio recordings) of users (and of other individuals covered by the recordings) are processed by accessing the camera functions or stored recordings. Access to the camera functions or stored recordings requires an authorization by the users that can be revoked at any time. In each case, the processing of the image and/or video recordings serves only to provide the respective functionality of our application, in accordance with its description to users, or its typical and expected functionality.
- Processing of location data: As part of the use of our application, location data collected from the device used or otherwise entered by users is processed. The use of the location data requires an authorization of the users, which can be revoked at any time. The use of the location data serves in each case only to provide the respective functionality of our application, according to its description to the users, or its typical and expected functionality.
- Location History and Movement Profiles: Based on the location data collected as part of the use of our Application, a location history is created, from which the geographical movements of the devices used over a period of time can be inferred (and may allow an inference to the movement profile of the users). The location history is only used to provide the respective functionality of our application, according to its description to the users, or its typical and expected functionality.
Purchase of applications via app stores
Our application is obtained via special online platforms operated by other service providers (so-called “app stores”). In this context, the privacy notices of the respective app stores apply in addition to our privacy notices. This applies in particular regarding the methods used on the platforms for reach measurement and interest-based marketing, as well as any obligation to pay costs.
- Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., e-mail, telephone numbers); contract data (e.g., subject of contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status). Content data (e.g., entries in online forms).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: provision of contractual services and fulfillment of contractual obligations. Marketing.
- Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
Further information on processing operations, procedures, and services:
- Apple App Store: app and software sales platform; service provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://www.apple.com/de/ios/app-store/. Privacy policy: https://www.apple.com/legal/privacy/de-ww/.
- Google Play: App and software sales platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR); Website: https://play.google.com/store/apps?hl=de. Privacy policy: https://policies.google.com/privacy.
Registration, login, and user account
Users can create a user account. In the course of registration, users are provided with the required mandatory data and processed for the purpose of providing the user account on the basis of contractual obligation fulfillment. The processed data includes in particular the login information (username, password and an e-mail address).
In the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so.
Users may be informed by e-mail about processes relevant to their user account, such as technical changes.
- Types of data processed: inventory data (e.g., names, addresses); contact data (e.g., e-mail, telephone numbers); content data (e.g., entries in online forms). Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: providing contractual services and fulfilling contractual obligations; security measures; managing and responding to requests. Provision of our online offer and user-friendliness.
- Legal grounds: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
Further guidance on processing operations, procedures, and services:
- Registration with clear names: Due to the nature of our community, we ask users to use our services only by using clear names. I.e., the use of pseudonyms is not permitted; legal basis: contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) GDPR).
- User profiles are not public: User profiles are not publicly visible or accessible.
- Deletion of data after termination: If users have terminated their user account, their data regarding the user account will be deleted, subject to any legal permission, obligation, or consent of the users; legal basis: contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) GDPR).
Contact and inquiry management
When contacting us (e.g., by mail, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring individuals is processed to the extent necessary to respond to the contact requests and any requested measures.
- Types of data processed: contact data (e.g., e-mail, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
- Data subjects: Communication partners.
- Purposes of processing: contact requests and communication; managing and responding to requests; feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
Further notes on processing operations, procedures, and services:
- Contact form: If users contact us via our contact form, e-mail, or other communication channels, we process the data communicated to us in this context to process the communicated request; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
Push notifications
With the consent of users, we may send users so-called “push notifications”. These are messages that are displayed on users’ screens, end devices or browsers, even if our online service is not being actively used at the time.
In order to sign up for the push messages, users must confirm their browser or terminal device’s request to receive the push messages. This consent process is documented and stored. The storage is necessary to recognize whether users have agreed to receive the push messages and to be able to prove the consent. For these purposes, a pseudonymous identifier of the browser (so-called “push token”) or the device ID of an end device is stored.
On the one hand, the push messages may be necessary for the fulfillment of contractual obligations (e.g., technical, and organizational information relevant to the use of our online offer) and are otherwise sent based on user consent, unless specifically mentioned below. Users can change the receipt of push messages at any time using the notification settings of their respective browsers or end devices.
- Types of data processed: Usage data (e.g., web pages visited, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, consent status).
- Data subjects: Communication partners.
- Purposes of processing: provision of our online offer and user-friendliness. Reach measurement (e.g., access statistics, recognition of returning visitors).
- Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
Further information on processing, procedures and services:
- Analysis and performance measurement: we evaluate push messages statistically and can thus recognize whether and when push messages were displayed and clicked on. This information is used to technically improve our push messages based on the technical data or the target groups and their retrieval behavior or retrieval times. This analysis also includes determining whether push messages are opened, when they are opened, and whether users interact with their content or buttons. While this information can be attributed to individual push message recipients for technical reasons. However, it is neither our intention nor, if used, that of the push message service provider to observe individual users. Rather, the evaluations serve us to recognize the usage habits of our users and to adapt our push messages to them or to send different push messages according to the interests of our users.
The analysis of the push messages and the measurement of success take place on the basis of the express consent of the users, which takes place with the consent to receive the push messages. Users can object to the analysis and performance measurement by unsubscribing from the push messages. A separate revocation of the analysis and performance measurement is unfortunately not possible;
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
Change and update of the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time, and please check the information before contacting us.