1) Information about the collection of personal data and contact details of the controller
1.1 We are pleased that you are using our application (hereinafter referred to as „App“). In the following, we inform you about the handling of your personal data when using our app. Personal data is all data with which you can be personally identified.
1.2 The controller in charge for data processing of this app within the meaning of the General Data Protection Regulation (GDPR) is Hatecke GmbH, Am Ruthenstrom 1, 21706 Drochtersen, Deutschland, Tel.: +494141915235, E-Mail: email@example.com. The controller of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.3 The controller has appointed a data protection officer, who can be reached as follows: „Lars Matthiesen, Am Ruthenstrom 1, 21706 Drochtersen, +494143915235, firstname.lastname@example.org“
1.4 This app uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the string „https://“ and the lock symbol in your browser line.
2) Log files when using our mobile app
If you download our mobile app via an app store, the required information will be transmitted to the app store, in particular the user name, e-mail address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary to download the mobile app to your mobile device.
When using our mobile app, we collect the personal data described below in order to enable the convenient use of the function. If you wish to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request
- Access status/ http status code
- Amount of data sent in bytes
- Source/reference from which you came to the site
- Browser used
- Language and version of the browser software
- Operating system used and its interface
- IP address used (if applicable: in anonymous form)
The processing takes place in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our app. A transfer or other use of the data does not take place. However, we reserve the right to subsequently check the aforementioned log files if there are concrete indications of illegal use.
Furthermore, we need your unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), possibly MAC address for WLAN use and the name of your mobile device.
In order to make our app attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after closing the app (so-called session cookies). Other cookies remain on your device and enable us to recognize you (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
In some cases, the cookies are used to simplify the operation of the app by storing settings. If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a given consent or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the app as well as a customer-friendly and effective design of the app use.
You can configure the settings of your mobile operating system and the app according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that in this case you may no longer be able to use all the functions of our mobile app.
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
5) Registration in the app
You can register in our app by providing personal data. Which personal data is processed for registration results from the input mask used for registration. We use the so-called double opt-in procedure for registration, i.e. Your registration is only completed if you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If your confirmation is not made within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. You can provide all further information voluntarily by using our portal.
If you use our app, we store your data required for the fulfilment of the contract, including any information on the method of payment, until you permanently delete your access. Furthermore, we store the data voluntarily provided by you for the time of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Article 6 (1) (f) GDPR. In addition, we store all content published by you (such as public contributions, pin board entries, guestbook entries, etc.) in order to operate the app. We have a legitimate interest in providing the app with the complete user-generated content. The legal basis for this is Article 6 (1) (f) GDPR. If you delete your account, your statements published in particular in the forum will continue to be visible to all readers, but your account will no longer be available. All other data will be deleted in this case.
6) Sending push notifications
You can sign up to receive our push notifications. You will regularly receive information about our offered services via our push notifications.
To log in, you must confirm receipt of notifications or allow them in the settings of your operating system. This process is documented and stored. This includes the storage of the registration time as well as your device identification. The collection of this data is necessary so that we can display the push notifications on the one hand and on the other hand understand the processes in the event of misuse and therefore serves our legal protection. The processing of this data takes place on the basis of Art. 6 para. 1 lit. a GDPR.
You can revoke your consent to the storage and use of your personal data to receive our push notifications and the statistical collection described above at any time with effect for the future. For the purpose of revoking consent, you can unsubscribe from the setting provided for this purpose to receive push notifications in your settings of the app in your operating system.
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your data will therefore be stored as long as the subscription for our push notifications is active.
7) Rights of the data subject
7.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:
- Right of access pursuant to Article 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, Deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making, including profiling and, if applicable, meaningful information about the logic involved and the scope and envisaged effects of such processing concerning you, as well as your right to information, which guarantees exist in accordance with Article 46 GDPR for the transfer of your data to third countries;
- Right to rectification in accordance with Article 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of your incomplete data stored by us;
- Right to erasure in accordance with Article 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Article 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- Right to restriction of processing pursuant to Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data disputed by you is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data if you use your data to assert, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
- Right to information pursuant to Article 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability pursuant to Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, insofar as this is technically feasible;
- Right to revoke granted consent in accordance with Article 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the affected data immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
- Right to lodge a complaint pursuant to Article 77 GDPR: If you believe that the processing of your personal data infringes the GDPR, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.
7.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
8) Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal basis, the purpose of the processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. commercial and tax retention periods).
When processing personal data on the basis of explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, this data will be stored until the data subject revokes his consent.
If there are statutory retention periods for data that are processed within the framework of legal or quasi-contractual obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after expiry of the retention periods, provided that they are no longer required for the fulfilment or initiation of the contract and/or there is no legitimate interest on our part in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises his or her right to object pursuant to Article 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises his right of objection pursuant to Art. 21 para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.