Privacy Notice

1) Information about the collection of personal data and contact details of the controller

1.1 We are pleased that you are using our application (hereinafter referred to as the "App"). In the following, we inform you about the handling of your personal data when using our App. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing in relation to this App within the meaning of the General Data Protection Regulation (GDPR) is Tobias Schiek, Nutzung 17, 09353 Oberlungwitz, Germany, Tel.: 01607657753, E-mail: tobias.schiek@gmail.com. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this App uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Log files when using our mobile App

When you download our mobile app from an app store, the necessary information is transferred to the App Store, in particular user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to your mobile device.

When using our mobile App, we collect the personal data described below in order to enable the convenient use of the function. If you wish to use our mobile App, we collect the following data, which is technically necessary for us to offer you the functions of our mobile App and to ensure stability and security:

• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request
• Access status/HTTP status code
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Language and version of the browser software
• Operating system used and its interface
• IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our App. The data is not passed on or used in any other way. However, we reserve the right to check the aforementioned log files subsequently if there are concrete indications of illegal use.

Furthermore, we require your unique device number (IMEI = International Mobile Equipment Identity), unique network subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), possibly the MAC address for Wi-Fi use and the name of your mobile device.

3) Contacting us

When you contact us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of using a contact form can be seen from the respective contact form in the App. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted after the final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention obligations to the contrary.

4) Data processing for contract execution

- Apple Pay

If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the "Apple Pay" function of your device running iOS, watchOS or macOS by debiting a payment card stored with "Apple Pay". Apple Pay uses security features that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must therefore enter a code that you have previously defined and verify it using the "Face ID" or "Touch ID" function of your device.

For the purpose of payment processing, the information you provide during the ordering process, together with the information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the successful payment.

If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was completed successfully. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to personally identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".

Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/en-us/HT203027

5) Rights of the data subject

5.1 The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

• Right of access pursuant to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about the guarantees pursuant to Art. 46 GDPR when your data is transferred to third countries;
• Right to rectification pursuant to Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
• Right to erasure pursuant to Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse to have your data erased due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the establishment, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation, as long as it has not yet been determined whether our legitimate grounds prevail;
• Right to notification pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
• Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
• Right to withdraw consent given pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
• Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

5.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

6) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of express consent pursuant to Art. 6 (1) (a) GDPR, the data concerned will be stored until you withdraw your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and/or we have no legitimate interest in its further storage.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) (f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.