Privacy policy
1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are using our application (hereinafter "app"). In the following we inform you about the handling of your personal data when using our app. Personal data is all data with which you can be personally identified.
1.2 Responsible for data processing regarding this app within the meaning of the General Data Protection Regulation (GDPR) is Steffen Süß, Hegelstraße 18, 96052 Bamberg, Germany, Tel.: 016096659243, email: mail@steffensuess.com. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
2) Contact
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted once your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.
3) Data processing for contract processing
3.1 For the processing of contracts concluded via the app, we work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institute as part of the payment process, provided this is necessary for the payment process. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Article 6 (1) (b) GDPR.
3.2 - RevenueCat
In the case of in-app payments, payment is made via RevenueCat Inc., 300 Euclid Avenue San Francisco, CA 94118, USA. to whom we pass on the information you provided during the ordering process together with the information about your order. Your data will be passed on in accordance with Article 6 Paragraph 1 Letter b GDPR exclusively for the purpose of payment processing and only to the extent that it is necessary for this. We have concluded an order processing contract with RevenueCat Inc., with which we oblige the provider to protect the data of the app users and not to pass it on to third parties.
Further information on data protection by RevenueCat can be found here: https://www.revenuecat.com/privacy
4) Firebase Crashlytics
To create anonymous crash reports, we use "Firebase Crashlytics", a service provided by Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland, to improve the stability and reliability of our app. If the app crashes, anonymous information will only be transmitted to the Google servers on the basis of your express consent in accordance with Article 6(1)(a) GDPR (app status at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the mobile phone, last log messages). Also transfers to Google LLC. In the US are possible. This information does not contain any personal data. You can give or revoke consent in the app settings. You can withdraw your consent at any time by disabling the "Crash Reporting" feature in the app's settings. For more information on data protection, see the Firebase Crashlytics privacy policy at https://firebase.google.com/support/privacy
5) Rights of the data subject
5.1 The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the person responsible for the processing of your personal data, about which we will inform you below:
Right to information in accordance with Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or will be disclosed, planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed which guarantees pursuant to Art. 46 GDPR when your data is forwarded to third countries exist;
Right to rectification in accordance with Art. 16 GDPR: You have the right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
Right to deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being checked, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically feasible;
Right to revoke granted consent in accordance with Art. 7 Para. 3 DSGVO: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation;
Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, work or where the alleged infringement took place.
5.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS RESULTING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.