[elementor-template id="28011"]
Search

DATA PROTECTION FOTOGOALS APP

Data Protection - FOTOGOALS APP

Introduction

With the following data protection declaration we would like to explain to you which types of your personal data (hereinafter also referred to as “data”) we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular within our Fotogoals app (hereinafter referred to as “app” for short). We would like to point out that an internet connection is required to use the Fotogoals app. Data transmission over the Internet can be exposed to security gaps, which is why complete protection of the data against access by third parties is not possible.

The terms used are not gender specific.

(Users of the app are hereinafter referred to as “users” for short)

Status: June 24, 2022

Contents overview

  • Introduction
  • Responsible person
  1. General storage duration of personal data
  2. Legal basis
  3. Safety measures
  4. Access rights of the App
  5. Registration and use of personal data when using the app
  6. User rights
  7. Passing on personal data to third parties
  8. Web hosting and provision of our online offer
  9. Change and update

Responsible person

FOTOGOALS:
Lukas Zobel
Weedstr. 5

97346 Iphofen
Germany

Authorized representatives: Lukas Zobel.

E-Mail-Adresse: service.fotogoals@outlook.com 

www.fotogoals.com/imprint/?lang=en

 

1. General duration of storage of personal data

 

Unless otherwise stated or expressly stated in this privacy policy, the personal data collected by this App will be stored until a user requests us to delete them, revoke their consent to storage or the purpose of the data storage no longer applies. Insofar as there is a legal obligation to store or another legally recognized reason for storing the data (e.g. legitimate interest), the personal data concerned will not be deleted before the respective reason for storage no longer applies.

 

2. Legal basis

 

The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. As far as we process your data, this is done regularly on the basis of your consent in accordance with Art. 6 (1) lit. of the GDPR. Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.

  • Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) – The person concerned has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
  • Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR)– The processing is necessary for the fulfillment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.

(e.g. for in-app purchases or when using other chargeable APP functions)

  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR)– Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protect personal data Data require, predominate. (e.g. as part of advertising campaigns)

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling.

 

3. Security Measures

 

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Encryption

This APP uses encryption for security purposes and to protect the transmission of sensitive content, e.g. B. Inquiries that you send to us as an APP operator. This encryption prevents the data you have transmitted from being read by unauthorized third parties.

 

4. Access rights of the App

 

In order to provide our services via the App, we need the access rights listed below with which we can access certain functions of the user’s device.

  • Location data (only while using the App and only if allowed!)
  • Unique device identifier
  • Internal storage (media content download)

Access to the device functions is required to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR, your consent within the meaning of Art. 6 (1) lit. of the GDPR or – if a contract has been concluded – the fulfillment of our contractual obligations (Article 6 (1) b GDPR).

 

5. Registration and use of personal data when using the app

 

The user is able to use our app without registering. For the provision of certain content or services (more functions) in our app, a registration and an existing user account is required. A corresponding registration is required to create a user account.

In the course of using the app, personal data of the user is used and collected. This concerns the following personal data of the user:

  • Email address (for registration)
  • Anonymized usage data
  • Device information (e.g. operating system or screen size)

Registration

We use Firebase Authentication, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street Dublin 4 Ireland, to handle the registration and login process. Firebase Authentication is a sign-in and authentication service provided by Google. To simplify the sign-up and authentication process, Firebase Authentication may use third-party identity services (Apple, Facebook, etc.) and store the information on their platform.

Google represents a processor within the meaning of Art. 28 GDPR, with whom we have concluded a corresponding contract processing contract. Google also relies on the use of standard contractual clauses.

You can choose between five registration options:

  • email and password,
  • Single sign-on (SSO) with your Apple, Google account,
  • or guest access.

In all cases, a user ID is generated for a user, which is used to identify the user in our app.

In addition, the third-party providers usually transmit further basic information about your user profile there (e.g. email address and profile picture) via Firebase Authentication. If necessary, you can restrict this information transmission in the registration process. You can obtain more information from the respective third-party providers:

 
 

The processing of this personal data is justified and necessary to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR to ensure the functionality and error-free operation of the app. The rights of the user and in the interest of protecting their personal data should prevail within the meaning of Art. 6 (1) lit. f GDPR.

The processing of this personal data is justified and necessary to fulfill the contract between the user and us within the meaning of Art. 6 (1) lit. b GDPR, to use the app. See point “Legal bases”.

Voluntary data

In the course of the app registration, a user has the option of entering further data. These can be entered voluntarily by the user and cannot be viewed by other users. These data are:

  • Place of residence (no exact address)
  • Instagram user name

 

6. User Rights

 

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right of objection:You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR takes place to object; this also applies to profiling based on these provisions. If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

Right to withdraw consent: You have the right to withdraw your consent at any time.

Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.

Right to correction: In accordance with the legal requirements, you have the right to request the completion of the data relating to you or the correction of incorrect data relating to you.

Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to request that the data relating to you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with the legal requirements.

Right to data portability: You have the right to receive data relating to you that you have provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.

Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is against violates the requirements of the GDPR.

 

7. Transfer of personal data to third parties

 

We will only pass on personal user data to third parties (including processors, i.e. third parties who process data for us on our behalf) if the transfer is necessary to fulfill our contractual obligations to the user, if we are otherwise legally entitled or obliged to do so to pass them on or if the user has given us consent. In order to provide our services, selected personal information can be passed on to certain departments in our company. This includes employees from the areas of accounting, law, product management, marketing and IT. In certain cases, we also use external service providers who have been commissioned by us to process data for us in accordance with the instructions (see below). If user data is passed on to third parties who are not located in an EEA country (European Economic Area), we ensure that the recipient has an adequate level of data protection. We also ensure that appropriate confidentiality provisions in the applicable contracts are observed and that the standard contractual clauses for the disclosure of personal data to processors issued by the European Commission are complied with or that we obtain your consent.

7.1 Service providers

We also pass on user data to companies whose services we use to provide our services and to manage our business affairs. In particular, the following services are provided to us by contractors that we use: payment services, hosting services, maintenance and support, web / app analysis, fraud monitoring and prevention, marketing services, CRM services, customer service administration services, geo-query services (conversion of coordinates into real places) etc.

These service providers are contractually obliged by us to process user data in accordance with the strict guidelines of the GDPR and are not allowed to use user data for other purposes. The data are processed in accordance with Art. 28 (1) GDPR.

In addition, users will find detailed information below, such as personal user data, for which purposes and which service providers are used:

Possible types of data processed: usage data (e.g. interest in content, access times), meta / communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).

Affected persons: users (app users).

Purposes of processing: Provision of our online offer and user-friendliness, provision of contractual services and customer service, marketing, profiles with user-related information (creation of user profiles).

Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit.f. GDPR), consent (Art. 6 Para. 1 S. 1 lit.a. GDPR), fulfillment of contracts and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR).

Used services and service providers:

 

  • Google Maps: We use an API to integrate the maps from the “Google Maps” service provided by Google. The processed data may include, in particular, the users’ IP addresses and location data, which, however, are not collected without their consent (usually within the framework of the settings of their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Data protection declaration: https://policies.google.com/privacy; Opposition option (opt-out): Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.
  • Google Places API Web Service (address completion): We use the Google Places API Web Service and Google’s automatic address completion. In order for us to receive this information from Google, the IP address and the content entered by the user are transmitted to Google. A connection to the Google servers is established for this purpose. This gives Google knowledge that our service has been accessed via the user’s IP address. Google is used in the interest of simplifying the filling of the input fields when entering the address in our app. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Further information on Google Places Api Web Services can be found in Google’s data protection declaration: www.google.com/policies/privacy/
  • OpenWeather: We use tools to provide current weather forecasts for the photo spots we publish. For this purpose, current weather data is loaded from the provider openweathermap.org (Openweather Ltd., 4 Queens Road, Wimbledon, London, SW19 8YB, United Kingdom). If necessary, the IP address is transferred to the provider’s server. The weather forecast is displayed in the interest of an appealing and informative presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service provider: Openweather Ltd; Website: https://openweathermap.org/; Privacy policy: https://openweather.co.uk/privacy-policy
  • Sunrise-Sunset: We use tools to provide current suggestions for different times (sunrise | sunset | golden hour | blue hour) at the photo spots that we publish. For this purpose, current data is loaded from the provider sunrise-sunset.org (Sunrise-Sunset ©). If necessary, the IP address is transferred to the provider’s server. The times are displayed in the interest of an appealing and informative presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service provider: Openweather Ltd; Website: https://sunrise-sunset.org/; Data protection declaration: https: //sunrise-sunset.org/privacy
  • Revive Software and Services: We use software and server technology to display advertisements in various places in our app. All advertisements that appear in our app for the purposes of our business affairs are marked with the unique designation “Ad” and are thus clearly recognizable for a user. The services of the provider Revive Software and Services BV are used for this. In some cases, the IP address is transmitted to the provider’s server in order to be able to show the user advertisements based on their location. Advertisements can also be displayed based on device information (e.g. operating system or screen size). The display and use of this technology is in the interest of our business relationships with our partners and an attractive and informative presentation within our online offer. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Service provider: Revive Software and Services BV; Website: https://revive-sas.com ; Privacy Policy: https://www.revive-adserver.net/privacy/
  • Amazon Affiliate Program: In terms of our business activities, we are participants in the Amazon EU affiliate program, which was designed to provide a medium for websites through which advertising fees can be earned by placing advertisements and links to Amazon.de (so-called affiliate system). Amazon uses cookies to be able to trace the origin of the orders. Among other things, Amazon can recognize that you clicked the partner link on this website and then purchased a product from Amazon. We receive a commission for qualifying purchases. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliates. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service providers: Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., ; Website: https://partnernet.amazon.de/ ; Privacy Policy: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.
  • Awin Affiliate Program: In terms of our business activities, we are participants in the partner program of AWIN AG (Landsberger Allee 104 BC, 10249 Berlin, Germany), which was designed to provide a medium for websites, by means of which advertising reimbursement can be earned by placing advertisements and links to AWIN (so-called affiliate system). AWIN uses cookies in order to be able to trace the origin of the conclusion of the contract. Among other things, AWIN can recognize that you clicked on the partner link on this website and then entered into a contract with or via AWIN. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service provider: AWIN AG; Website: https://www.awin.com/de ; Data protection declaration: https://www.awin.com/de/datenschutzerklarung
  • DJI affiliate program: In terms of our business activities, we are participants in the affiliate program of SZ DJI Technology Co., Ltd. (14th Floor, West Wing, Skyworth Semiconductor Design Building, No. 18 Gaoxin South 4th Ave, Nanshan District, Shenzhen, China.) designed to provide a medium for websites to earn advertising fees through the placement of advertisements and links to DJI can be earned (so-called affiliate system). DJI uses cookies to be able to trace the origin of the conclusion of the contract. Among other things, DJI can recognize that you clicked the partner link on this website and then concluded a contract with or through DJI. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service provider: SZ DJI Technology Co., Ltd.; Website: https://u.dji.com/ ; Data protection declaration: https://www.dji.com/de/policy
  • Belboon affiliate program: In terms of our business activities, we are participants in the affiliate program of belboon GmbH (Weinmeisterstr. 12-14, 10178 Berlin, Germany), which was designed to provide a medium for websites by means of which advertising costs are reimbursed through the placement of advertisements and links to BELBOON can be earned (so-called affiliate system). BELBOON uses cookies in order to be able to trace the origin of the conclusion of the contract. Among other things, BELBOON can recognize that you clicked on the partner link on this website and then entered into a contract with or via BELBOON. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Service provider: belboon GmbH; Website: https://belboon.com/ ; Data protection declaration: https://belboon.com/datenschutz/
  • Webgains affiliate program: In terms of our business activities, we are participants in the affiliate program of Webgains GmbH (Frankenstraße 150C, 90461 Nuremberg, Germany), which was designed to provide a medium for websites through which advertising reimbursement can be earned by placing advertisements and links to WEBGAINS (so-called affiliate system). WEBGAINS uses cookies in order to be able to trace the origin of the conclusion of the contract. Among other things, WEBGAINS can recognize that you clicked on the partner link on this website and then entered into a contract with or via WEBGAINS. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service provider: Webgains GmbH; Website: https://www.webgains.com/public/de/ ; Data protection declaration: https://www.webgains.com/public/de/datenschutzerklaerung/
  • Tradedoubler affiliate program: In terms of our business activities, we are participants in the affiliate program of Tradedoubler GmbH (Mainzer Straße 13, 80804 Munich, Germany), which was designed to provide a medium for websites through which advertising reimbursement is earned by placing advertisements and links to TRADEDOUBLER can (so-called affiliate system). TRADEDOUBLER uses cookies in order to be able to trace the origin of the conclusion of the contract. Among other things, TRADEDOUBLER can recognize that you clicked on the partner link on this website and then entered into a contract with or via TRADEDOUBLER. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Service provider: Tradedoubler GmbH; Website: https://www.tradedoubler.com/de/ ; Data protection declaration: https://www.tradedoubler.com/de/privacy-policy/
  • Mail Service Provider – Mailchimp ‘Rocket Science Group, LLC’: We only use the service to send info e-mails with general information or notes on the app (changes to data protection/terms of use, changes to the user account) to registered users. You can find more information on the use of the data under point: 8. > Services and service providers used > Mailchimp ‘Rocket Science Group, LLC’

7.2 Government agencies, agencies and courts, legal representatives

Insofar as we are legally obliged to do so or this is permitted under data protection law, we transmit personal data to authorities such as the police or the public prosecutor’s office (Art. 6 Para. 1 lit. c GDPR). This data is disclosed on the basis of our legitimate interest in combating abuse, prosecuting criminal offenses (e.g. credit card fraud) and securing, asserting and enforcing claims, provided that the rights and interests of users in protecting their personal data do not predominate. 6 (1) lit. f GDPR.

 

8. Web hosting and provision of our online offer

In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that arises in the course of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or on websites.

E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information regarding the e-mail dispatch (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for SPAM detection purposes. We ask you to note that e-mails are generally not sent in encrypted form on the Internet. As a rule, e-mails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot accept any responsibility for the transmission path of the e-mails between the sender and receipt on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The address and name of the retrieved websites and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong.

On the one hand, the server log files can be used for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability.

Content Delivery Network: We use a “Content Delivery Network” (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.

  • Types of data processed: content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: users (app users).
  • Purposes of processing: Provision of our online offer and user-friendliness, Content Delivery Network (CDN).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services and service providers used:

  • Amazon Web Services (AWS): Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service Provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA; Website: https://aws.amazon.com/de/; Data protection declaration: https://aws.amazon.com/de/privacy/?nc1=f_pr.
  • Frostberry: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service Provider: Frostberry UG, Frankenweg 37, 97318 Kitzingen, Germany: https://frostberry.de/ ; Data protection declaration: On request via Frostberry UG
  • Mailchimp ‘Rocket Science Group, LLC’: Services in the field of sending e-mails or newsletters and the corresponding provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity). Fotogoals uses the service exclusively for sending general information or notes on the app (changes to data protection/terms of use, changes to the user account) to registered users.

    The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

    The shipping service provider can use the data (exclusively the e-mail address of a user) of the app user in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter/ emails or for statistical purposes. However, the shipping service provider does not use the data (exclusively the e-mail address of a user) from our app users to write to them themselves or to pass the data on to third parties. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR and an order processing contract in accordance with Article 28 Paragraph 3 Clause 1 GDPR. Service provider: Rocket Science Group LLC; Website: https://mailchimp.com/de/; Privacy Policy: https://www.intuit.com/privacy/statement/

 

9. Changes and updates

Fotogoals reserves the right to change or replace parts of this privacy policy at its own discretion. It is the responsibility of the user to regularly check this statement for changes. Photo oals reserves the right to change these conditions at any time in accordance with the statutory provisions. Photo oals may also offer new services and / or functions via app in the future (including the publication of new tools and resources). Such new features and / or services are subject to the terms and conditions of this privacy policy.

Note:

Some parts of this data protection declaration have been translated using a translation tool. There may therefore be translation errors or problems of understanding.

© 2022. Fotogoals. All Rights Reserved.

Finde die besten Fotospots in unserer Fotogoals App

Jetzt herunterladen

Download_on_the_App_Store_Badge_DE_RGB_blk_092917