1 Data Protection at a Glance

1.1 General Information

The following information provides a simple overview of what happens to your personal data when you use our mobile app. Personal data is any data that can be used to identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

1.2 Data Processing Related to App Usage

How do we collect your data?

Data, such as technical data (e.g. your IP address and time of access), is automatically collected by our IT systems or service providers when the app is used. This data is collected automatically as soon as you use our application. Data will also be processed regarding the access authorizations on your device, if you have actively granted them. Finally, we can create a user account for you, so that the internal functions of the application are usable.

What do we use your data for?

The data is collected to ensure the error-free provision of the application’s content as well as the operation, maintenance and improvement of the associated online platform and the application. An additional purpose of data collection is to improve the user experience, the offering, the content and the functionalities. Personal data is only collected by this application if we are legally entitled to do so, or if you have expressly consented to the data collection in question.

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data, free of charge at any time. You also have the right to request the authorization, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority, and the right to request the restriction of the processing of your personal data under certain circumstances. For details, please refer to the privacy policy under „Right to Restriction of Processing“.

1.3 Analysis Tools and Tools from Third-Party Providers

When using the application, your usage behavior can be statistically evaluated. This is done with so-called analysis programs. The analysis of your usage behavior is usually anonymous. You can find out more about this under „Analysis Tools“.

2 Data Controller

The „data controller“ is the entity that collects, processes or uses personal data (e.g. names, email addresses, etc.). The controller for data processing in the context of this application is:

Fabrik19 AG, Attorney Christiane Vedder

Bahnhofstrasse 82-86, 35390 Gießen

datenschutz@fabrik19.de

Questions about data protection should also be addressed to the data controller.

3 General Notes and Mandatory Information

3.1 Data Protection

This privacy policy explains the type, purpose and scope of data collection when using the application. We take the protection of your personal data very seriously, and treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Personal data is data that can be used to identify you as a natural person. This includes, for example, information such as your name, postal address, e-mail address or telephone number, in addition to information that necessarily arises during the use of the application, for example information about the start, end and scope of use as well as the transmission of your device ID. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

3.2 Consent to Data Processing and Revocation

If you have given your consent for specific purposes, the purposes result from the respective content of this consent. Data processing is carried out on the basis of Article 6(1)(a) GDPR. In cases where you must provide data for this purpose, we expressly point this out. Without this provision, we would not be able to comply with your request covered by your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.3 Right to Object to the Collection of Data in Special Cases and to Direct Marketing (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 (1)(e) or (1)(f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (2) GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

3.4 Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

3.5 Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

3.6 Access, Blocking, Erasure and Correction

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.

3.7 Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

4 Data Collection Related to App Usage

4.1 Provision of Our App

When accessing our app through your end device, the following data will be processed by us:

We pursue the interest of enabling the use of our app and ensuring its technical functionality. When accessing our app, this data is processed automatically. Without providing this data, you cannot use our services. We do not use this data for the purpose of drawing conclusions about your person or identity. Furthermore, we use this data to optimize the performance of the app, ensure the availability of our app, and improve the user experience. We process this data based on Article 6(1)(f) of the GDPR for the provision of the service, ensuring technical operation, and for the purpose of identifying and resolving disruptions. Our legitimate interest also lies in ensuring the performance and availability of our offering.

5 Analysis Tools

5.1 Crashlytics

To better address technical issues related to our mobile apps, we use Fabric. This is an analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Your app ID, framework data on encountered issues and device information, mobile carrier, and operating system are collected. Potentially personal or pseudonymous data is deleted after seven days. You can disable this service in the settings of your operating system (iOS / Android) by deactivating the sending of usage data for the app. The key component of this solution for us is Crashlytics, which provides detailed technical information about crashes and other errors in our app. Crashlytics collects data on app usage specifically related to system crashes and errors. It uses information about the device, the installed app version, and other details that can help in resolving issues, primarily related to the user’s software and hardware. No personal data is transmitted, only real-time crash reports with precise details about code locations and device information are sent, aiming to simplify maintenance and improve the resulting stability of the app. Further information can be found in Crashlytics‘ privacy policy: Crashlytics Privacy Policy. The legal basis for using Crashlytics is Article 6(1)(f) of the GDPR. We have a legitimate interest in providing the app without errors. You can disable this service directly in the settings (iOS – Settings > App > Disable Send Usage Data; Android directly in the app menu in the settings).

5.2 Matomo (formerly PIWIK)

Scope of Processing Personal Data

We use the open-source software tool Matomo (formerly PIWIK) in our app to analyze user behavior. When certain actions are triggered or individual pages of our app are accessed, the following data is stored:

(1) Two bytes of the user’s IP address

(2) The accessed page

(3) The page from which the user arrived at the accessed page (referrer)

(4) The subpages accessed from the visited page

(5) The duration of time spent on the page

(6) The frequency of page visits

The software runs exclusively on the servers of our app. Storage of personal user data only takes place there. There is no sharing of the data with third parties.

More information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/.

6 Recipients of Personal Data

6.1 Disclosure to Data Processors within the Scope of Article 28 of the GDPR

We use data processors (Article 28 of the GDPR), especially in the field of IT services and, for example, printing services, who process your data on our behalf in accordance with our instructions. When we commission service providers to fulfill our tasks, we always comply with data protection regulations, particularly ensuring that data is only disclosed after the conclusion of contracts for data processing.

Disclosure due to legal obligation: In the presence of a legal or regulatory obligation, we may disclose your data to public authorities or institutions (such as law enforcement agencies in the context of criminal investigations).

Other disclosures, provided you have given consent: With your explicit consent, we may also disclose your data to other parties. However, this is done within the limits of a verifiable consent given by you.

7 Data Processing in Third Countries

If data is transferred to entities whose registered office or location of data processing is not in a Member State of the European Union or in another contracting state of the Agreement on the European Economic Area, we ensure, before the transfer takes place, that outside of legally permitted exceptions, the recipient either maintains an adequate level of data protection (e.g., through an adequacy decision of the European Commission, appropriate guarantees such as self-certification of the recipient for the EU-US Privacy Shield, or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or you give your consent to the data transfer.

8 Storage Duration, Deletion

We only store your personal data for as long as necessary to fulfill the intended purposes or – in the case of consent – until you revoke the consent. In the event of an objection to the processing, we delete your personal data, unless further processing is permitted by applicable legal provisions. We also delete your personal data if we are obligated to do so for other legal reasons. Applying these general principles, we typically delete your personal data immediately after the legal requirements are no longer applicable and unless there is another legal basis (e.g., commercial and tax retention periods). If the latter applies, we delete the data after the expiration of the alternative legal basis.

9 Links to Third-Party Offers

Websites and services of other providers linked from our application are created and provided by third parties. We have no influence on the design, content, and functionality of these third-party services. We explicitly distance ourselves from all content of any linked third-party offers. Please note that third-party offers linked from our application may potentially install cookies on your end device or collect personal data. We have no control over this. Please inform yourself directly from the providers of these linked third-party offers as needed.