Data Protection - FOTOGOALS APP
With the following data protection declaration we would like to explain to you which types of your personal data (hereinafter also referred to as “data”) we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular within our Fotogoals app (hereinafter referred to as “app” for short). We would like to point out that an internet connection is required to use the Fotogoals app. Data transmission over the Internet can be exposed to security gaps, which is why complete protection of the data against access by third parties is not possible.
The terms used are not gender specific.
(Users of the app are hereinafter referred to as “users” for short)
Status: August 03, 2021
- Responsible person
- General storage duration of personal data
- Legal basis
- Safety measures
- Access rights of the App
- Personal data in the context of the App usage
- User rights
- Passing on personal data to third parties
- Change and update
Authorized representatives: Lukas Zobel.
1. General duration of storage of personal data
2. Legal basis
The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. As far as we process your data, this is done regularly on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.
- Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) – The person concerned has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
- Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR) – The processing is necessary for the fulfillment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.
(e.g. for in-app purchases or when using other chargeable APP functions)
- Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) – Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, predominate. (e.g. as part of advertising campaigns)
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling.
3. Security Measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
This APP uses encryption for security purposes and to protect the transmission of sensitive content, e.g. inquiries that you send to us as the APP operator. This encryption prevents the data you have transmitted from being read by unauthorized third parties.
4. Access rights of the App
In order to provide our services via the App, we need the access rights listed below with which we can access certain functions of the user’s device.
- Location data (only while using the App and only if allowed!)
- Unique device identifier
- Internal storage (media content download)
Access to the device functions is required to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR, your consent within the meaning of Art. 6 (1) lit. a GDPR or – if a contract has been concluded – the fulfillment of our contractual obligations (Article 6 (1) b GDPR).
5. Personal data in the context of the app usage
In the course of using the app, personal data of the user is used and collected. This concerns the following personal data of the user:
- Email address (for registration)
- Anonymized usage data
- Device information (e.g. operating system or screen size)
The processing of this personal data is necessary to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR, your consent within the meaning of Art. 6 (1) lit. a GDPR or – if a contract has been concluded – the fulfillment of our contractual obligations (Article 6 Paragraph 1 Letter b GDPR). See point “Legal bases”.
5.1 Receipt of data from third parties
When a user registers with us via Apple Inc. or Google, Inc., we receive the following authentication information, which is required for their registration:
- E-mail address
- Unique user ID (“User ID”)
- Basic data that a user has stored in his profile (e.g. a nickname)
We only use this information to the same extent as the data that a user must provide when registering via our app.
5.2 Voluntary data
In the course of the app registration, a user has the option of entering further data. These can be entered voluntarily by the user and cannot be viewed by other users. These data are:
- Place of residence (no exact address)
- Instagram user name
6. User Rights
As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Right of objection: You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data relating to you are processed in order to conduct direct advertising, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
Right to correction: In accordance with the legal requirements, you have the right to request the completion of the data relating to you or the correction of incorrect data relating to you.
Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to request that the data relating to you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with the legal requirements.
Right to data portability: You have the right to receive data relating to you that you have provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.
Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the requirements of the GDPR.
7. Transfer of personal data to third parties
We will only pass on personal user data to third parties (including processors, i.e. third parties who process data for us on our behalf) if the transfer is necessary to fulfill our contractual obligations to the user, if we are otherwise legally entitled or obliged to pass it on, or if the user has given us consent. In order to provide our services, selected personal information can be passed on to certain departments in our company. This includes employees from the areas of accounting, law, product management, marketing and IT. In certain cases, we also use external service providers who have been commissioned by us to process data for us in accordance with our instructions (see below). If user data is passed on to third parties who are not located in an EEA country (European Economic Area), we ensure that the recipient has an adequate level of data protection. We also ensure that appropriate confidentiality provisions in the applicable contracts are observed and that the standard contractual clauses for the disclosure of personal data to processors issued by the European Commission are complied with or that we obtain your consent.
7.1 Service providers
We also pass on user data to companies whose services we use to provide our services and to manage our business affairs. In particular, the following services are provided to us by contractors that we use: payment services, hosting services, maintenance and support, web / app analysis, fraud monitoring and prevention, marketing services, CRM services, customer service administration services, geo-query services (conversion of coordinates into real places) etc.
These service providers are contractually obliged by us to process user data in accordance with the strict guidelines of the GDPR and are not allowed to use user data for other purposes. The data are processed in accordance with Art. 28 (1) GDPR.
In addition, users will find detailed information below on which personal user data is processed, for which purposes, and which service providers are used:
Processed data types: usage data (e.g. interest in content, access times), meta / communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
Affected persons: users (app users).
Purposes of processing: Provision of our online offer and user-friendliness, provision of contractual services and customer service, marketing, profiles with user-related information (creation of user profiles).
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), fulfillment of contracts and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR).
Used services and service providers:
- Google Maps: We use an API to integrate the maps from the “Google Maps” service provided by Google. The processed data may include, in particular, the users’ IP addresses and location data, which, however, are not collected without their consent (usually within the framework of the settings of their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Data protection declaration: https://policies.google.com/privacy; Opposition option (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Google Places API Web Service (address completion): We use the Google Places API Web Service and Google’s automatic address completion. In order for us to receive this information from Google, the IP address and the content entered by the user are transmitted to Google. A connection to the Google servers is established for this purpose. This gives Google knowledge that our service has been accessed via the user’s IP address. Google is used in the interest of simplifying the filling of the input fields when entering the address in our app. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Further information on Google Places Api Web Services can be found in Google’s data protection declaration: www.google.com/policies/privacy/
- Sunrise-Sunset: We use tools to provide current suggestions for different times (sunrise | sunset | golden hour | blue hour) at the photo spots that we publish. For this purpose, current data is loaded from the provider sunrise-sunset.org (Sunrise-Sunset ©). If necessary, the IP address is transferred to the provider’s server. The times are displayed in the interest of an appealing and informative presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service provider: Openweather Ltd; Website: https://sunrise-sunset.org/; Data protection declaration: https://sunrise-sunset.org/privacy
7.2 Government agencies, agencies and courts, legal representatives
Insofar as we are legally obliged to do so or this is permitted under data protection law, we transmit personal data to authorities such as the police or the public prosecutor’s office (Art. 6 Para. 1 lit. c GDPR). This data is disclosed on the basis of our legitimate interest in combating abuse, prosecuting criminal offenses (e.g. credit card fraud) and securing, asserting and enforcing claims, provided that the rights and interests of users in protecting their personal data do not predominate (Art. 6 (1) lit. f GDPR).
8. Changes and updates