Data Protection Declaration

Data Protection Declaration for Apps

1) Information on the collection of personal data and contact details of the controller

1. We are pleased that you are using our application (hereinafter "app"). In the following, we will inform you about how we handle your personal data when you use our app. Personal data is all data with which you can be personally identified.
2. The controller in charge of data processing for this app, within the meaning of the General Data Protection Regulation (GDPR), is Bastian Schröder, Buchenweg 12, 58540 Meinerzhagen, Deutschland, Tel.: 015257057322, E-Mail: b.schroeder@medienspot.de. The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
3. This app uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Log files when using our mobile app

If you download our mobile app via an app store, the required information is transferred to the app store, in particular your user name, email address and customer number of your account, time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.

When you use our mobile app, we collect the personal data described below to enable you to use the function conveniently. If you wish to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:

• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request
• Access status/ http status code
• Amount of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Language and version of the browser software
• Operating system used and its interface
• IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our app. The data is not passed on or used in any other way. However, we reserve the right to check the aforementioned log files retrospectively if there are concrete indications of unlawful use.

We also need your unique device number (IMEI = International Mobile Equipment Identity), unique network subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), any MAC address for WLAN use and the name of your mobile device.

3) Cookies

In order to make our app attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after you close the app (so-called session cookies). Other cookies remain on your device and enable us to recognize you (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

In some cases, cookies are used to simplify the operation of the app by saving settings. If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the app and a customer-friendly and effective design of the app use.

You can configure the settings of your mobile operating system and the app according to your wishes and, for example, refuse to accept third party cookies or all cookies. However, we would like to point out that in this case you may no longer be able to use all the functions of our mobile app.

4) Making contact

Personal data is collected when you contact us (e.g. via contact form or email). Which data is collected when using a contact form can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Tools and miscellaneous

Firebase Crashlytics

To create anonymized crash reports, we use "Firebase Crashlytics", a service of Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland, to improve the stability and reliability of our app.

In the event of a crash of the app, anonymous information is transmitted to Google's servers (status of the app at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the cell phone, last log messages) exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. Transfers to Google LLC. in the USA are possible. This information does not contain any personal data.

When using an iOS-based device, you can give your consent in the app settings or after a crash. When using an Android-based device, you have the option to generally consent to the transmission of crash notifications to Google and app developers during setup.

You can revoke your consent at any time by

• deactivating the "Crash reports" function in the app settings in iOS
• adjusting the system settings in Android. To do this, open the app settings, select the "Google" item and then the "Usage & diagnostics" menu item in the three-dot menu at the top right. Here you can deactivate the sending of the relevant data.

Further information on data protection can be found in the Firebase Crashlytics privacy policy at https://firebase.google.com/support/privacy

6) Rights of the data subject

6.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

• Right to information pursuant to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries;
• Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;
• Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
• Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
• Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
• Right to withdraw consent granted pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
• Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

6.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

7) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you withdraw your consent.

If there are legal retention periods for data that is processed within the scope of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

This text is a translation. The original text can be found here: Datenschutzerklärung