1 Data Protection at a Glance
1.1 General Information
1.2 Data Processing Related to App Usage
How do we collect your data?
Data, such as technical data (e.g. your IP address and time of access), is automatically collected by our IT systems or service providers when the app is used. This data is collected automatically as soon as you use our application. Data will also be processed regarding the access authorizations on your device, if you have actively granted them. Finally, we can create a user account for you, so that the internal functions of the application are usable.
What do we use your data for?
The data is collected to ensure the error-free provision of the application’s content as well as the operation, maintenance and improvement of the associated online platform and the application. An additional purpose of data collection is to improve the user experience, the offering, the content and the functionalities. Personal data is only collected by this application if we are legally entitled to do so, or if you have expressly consented to the data collection in question.
What rights do you have with regard to your data?
1.3 Analysis Tools and Tools from Third-Party Providers
When using the application, your usage behavior can be statistically evaluated. This is done with so-called analysis programs. The analysis of your usage behavior is usually anonymous. You can find out more about this under „Analysis Tools“.
2 Data Controller
The „data controller“ is the entity that collects, processes or uses personal data (e.g. names, email addresses, etc.). The controller for data processing in the context of this application is:
Fabrik19 AG, Attorney Christiane Vedder
Bahnhofstrasse 82-86, 35390 Gießen
Questions about data protection should also be addressed to the data controller.
3 General Notes and Mandatory Information
3.1 Data Protection
3.2 Consent to Data Processing and Revocation
If you have given your consent for specific purposes, the purposes result from the respective content of this consent. Data processing is carried out on the basis of Article 6(1)(a) GDPR. In cases where you must provide data for this purpose, we expressly point this out. Without this provision, we would not be able to comply with your request covered by your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
3.3 Right to Object to the Collection of Data in Special Cases and to Direct Marketing (Art. 21 GDPR)
3.4 Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
3.5 Right to Data Portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
3.6 Access, Blocking, Erasure and Correction
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.
3.7 Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to check this. You have the right to request the restriction of the processing of your personal data for the duration of the review.
- If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
4 Data Collection Related to App Usage
4.1 Provision of Our App
When accessing our app through your end device, the following data will be processed by us:
- Date and time of access
- Duration of use
- Type of mobile device and device version
- Operating system used
- App version used
- Functions you are using
- System interruptions and similar events
- User authentication token
- IP address
We pursue the interest of enabling the use of our app and ensuring its technical functionality. When accessing our app, this data is processed automatically. Without providing this data, you cannot use our services. We do not use this data for the purpose of drawing conclusions about your person or identity. Furthermore, we use this data to optimize the performance of the app, ensure the availability of our app, and improve the user experience. We process this data based on Article 6(1)(f) of the GDPR for the provision of the service, ensuring technical operation, and for the purpose of identifying and resolving disruptions. Our legitimate interest also lies in ensuring the performance and availability of our offering.
5 Analysis Tools
5.2 Matomo (formerly PIWIK)
Scope of Processing Personal Data
We use the open-source software tool Matomo (formerly PIWIK) in our app to analyze user behavior. When certain actions are triggered or individual pages of our app are accessed, the following data is stored:
(1) Two bytes of the user’s IP address
(2) The accessed page
(3) The page from which the user arrived at the accessed page (referrer)
(4) The subpages accessed from the visited page
(5) The duration of time spent on the page
(6) The frequency of page visits
The software runs exclusively on the servers of our app. Storage of personal user data only takes place there. There is no sharing of the data with third parties.
More information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/.
6 Recipients of Personal Data
6.1 Disclosure to Data Processors within the Scope of Article 28 of the GDPR
We use data processors (Article 28 of the GDPR), especially in the field of IT services and, for example, printing services, who process your data on our behalf in accordance with our instructions. When we commission service providers to fulfill our tasks, we always comply with data protection regulations, particularly ensuring that data is only disclosed after the conclusion of contracts for data processing.
Disclosure due to legal obligation: In the presence of a legal or regulatory obligation, we may disclose your data to public authorities or institutions (such as law enforcement agencies in the context of criminal investigations).
Other disclosures, provided you have given consent: With your explicit consent, we may also disclose your data to other parties. However, this is done within the limits of a verifiable consent given by you.
7 Data Processing in Third Countries
If data is transferred to entities whose registered office or location of data processing is not in a Member State of the European Union or in another contracting state of the Agreement on the European Economic Area, we ensure, before the transfer takes place, that outside of legally permitted exceptions, the recipient either maintains an adequate level of data protection (e.g., through an adequacy decision of the European Commission, appropriate guarantees such as self-certification of the recipient for the EU-US Privacy Shield, or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or you give your consent to the data transfer.
8 Storage Duration, Deletion
We only store your personal data for as long as necessary to fulfill the intended purposes or – in the case of consent – until you revoke the consent. In the event of an objection to the processing, we delete your personal data, unless further processing is permitted by applicable legal provisions. We also delete your personal data if we are obligated to do so for other legal reasons. Applying these general principles, we typically delete your personal data immediately after the legal requirements are no longer applicable and unless there is another legal basis (e.g., commercial and tax retention periods). If the latter applies, we delete the data after the expiration of the alternative legal basis.
9 Links to Third-Party Offers
Websites and services of other providers linked from our application are created and provided by third parties. We have no influence on the design, content, and functionality of these third-party services. We explicitly distance ourselves from all content of any linked third-party offers. Please note that third-party offers linked from our application may potentially install cookies on your end device or collect personal data. We have no control over this. Please inform yourself directly from the providers of these linked third-party offers as needed.