Privacy Policy sharingguru
This is machine translated version
The purpose of this privacy policy is to inform you about the processing of your personal data that we collect from you when you visit our website. Our data protection practice is in accordance with the legal regulations of the EU's General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG). The following data protection declaration serves to fulfil the information obligations resulting from the DSGVO. These can be found, for example, in Art. 13 and Art. 14 ff. DSGVO.
1. Explanation of terms
In the following, we explain the most important terms of the GDPR in accordance with Art. 4 of the GDPR and the processing of social data in accordance with the Social Code, which are mentioned in the following data protection declaration.
-
-
Personal data is any information relating to an identified or identifiable natural person (hereinafter: data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number. Personal data are e.g. name, contact details, job title.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of personal data.
Restriction of processing is the marking of stored personal data with the aim of limiting your future processing.
Anonymisation is when information does not relate to an identified or identifiable natural person, or personal data has been anonymised in such a way that the data subject cannot be identified or can no longer be identified.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable person.
A controller is any natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party.
Third party means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent of a data subject is any freely given, specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her. If we require consent to process your data, you will find this declaration of consent at the relevant point on the website. There you will also find further information on the processing of the data processed within the scope of the consent.
2. Person responsible for the sharingguru platform
The controller within the meaning of Art. 4 No. 7 DSGVO is the person who alone or jointly with others determines the purposes and means of the processing of personal data.
provider of the app and is responsible under data protection law:
Beyond X Labs GmbH, Wallstr. 8, 60594 Frankfurt, Germany
E-Mail: [email protected], Tel.: +49(0)69 90754800
3. Service providers for the app and other data recipients
In order to make the operation of our platform as secure as possible, we work together with additional service providers on the basis of order processing contracts within the meaning of Art. 28 DSGVO.
The app is hosted on our behalf and technically supported by:
-
Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg
It cannot be ruled out that personal data of the European offshoot of Amazon and its affiliated companies will also be transferred to states outside the EU, in particular to the USA. There, it is possible that government authorities can access the data even without a court order. You can find more information on how Amazon handles your data athttps://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.
In addition, the apps are hosted by the respective app store provider. The data protection regulations communicated by the app store operator apply.
4. Information collected when downloading the app
When you download our app, certain information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store). In particular, the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the Mac address (Media Access Control) may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.
5. Provision of the APP and creation of log files
Each time you visit our website, our system automatically collects data and information from the device (e.g. computer, mobile phone, tablet, etc.).
5.1. What personal data of yours do we process and what is it used for?
-
-
(1) Information about the app and the version used
The operating system, the system version and the device ID as well as the manufacturer of the retrieval device
(3) The IP address as well as the MAC address of the retrieval device
(4) Date and time of access
(5) A unique ID to recognise the user
This data is stored in the log files of our system. This data is not stored together with further personal data of a specific user, so that individual website or app visitors are not identified. The data enables us to monitor and improve the stability and availability of our app over a longer period of time. The temporary (automated) storage of the data is necessary for the course of app use in order to enable the delivery of the app's content.
The storage and processing of personal data is also carried out to maintain the compatibility of our app for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the retrieving end device in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our app.
5.2. Legal basis for the processing of personal data
-
-
Art. 6 para. 1 lit. f DSGVO (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described above. Without created log files, no delivery of the app can take place, as the data is required, among other things, for the delivery of the content.
5.3. Duration of storage
-
-
The data is deleted when it is no longer needed to ensure the compatibility of the app for all visitors. This is the case no later than 3 months after the app has been used. The entry of the data requires the existence of a user account. Registration is not possible if the data you enter is incorrect. If the data you enter is incorrect or not entered at all, the protected area cannot be used. However, the rest of the site can still be used without a login.
-
Who gets access to your data?
The personal data you enter during registration will only be processed by the app provider. However, if you join a group, we will transmit the personal data you entered during registration (surname, first name and email address) to the group administrator existing within the group so that the group administrator can manage the group. The data is necessary for the group administrator to contact existing users of his group and - where necessary - to identify or assign them.
5.4. User list of the group
-
-
What personal data of yours do we process and what is it used for?
Within the framework of group administration, the group creator or group admin can manage (delete, view) the users who have joined via the group code. The group creator or group admin has access to the name and the stored e-mail address in order to uniquely identify the user. This information enables him to determine which users are actually authorised to participate in the group. They can also remove individual users.
-
What is the legal basis for the processing?
The collection and processing of the data is based on Art. 6 para. 1 lit. b DSGVO (implementation of (pre)contractual measures). In order for the group admin to be able to manage and identify the users, we must provide him with the relevant information.
-
How long will your data be stored?
The user's data is stored in the group for as long as the user is a member of a group. The admin no longer has access to the information after the user leaves the group or deletes the user account.
-
Possibility of objection and removal
You can find out what rights you have and how to exercise them at the bottom of this privacy statement.
-
Necessity of the information and consequences of failure to provide it
Joining a group is neither contractual nor legally required. If the user does not join a group, the data will not be transmitted. However, he or she will then also not be able to participate in the group and the shared content.
5.5. Statistical evaluations and contract management through the app
-
-
What personal data of yours do we process and what is it used for?
All personal data collected via the APP, such as login data, e-mail addresses, group memberships, booked and reserved assets, provided assets, etc., will be processed by the operator of the APP to enable you to interact with the app. In addition, the responsible party will prepare the data for statistical purposes and process it internally. The data will also be partially anonymised.
-
What is the legal basis for the processing?
The legal basis for the processing is the usage contract with regard to the app. The processing serves the fulfilment of the contract according to Art. 6 para. 1 lit. b DSGVO. The anonymisation of the data is also carried out in the legitimate interest of the operator of the app in accordance with Art. 6 para. 1 lit. f DSGVO.
-
How long will your data be stored?
Anonymised data is generally kept indefinitely. All other data is deleted when the user closes his or her user account and there are no longer any legal retention obligations.
-
Possibility of objection and removal
You can find out what rights you have and how to exercise them at the bottom of this privacy statement.
-
Necessity of the information and consequences of failure to provide it
The information is necessary to be able to use the app and is contractually required. Failure to provide this information means that the app cannot be used or can only be used to a limited extent.
5.6. Error reporting
-
-
What personal data of yours do we process and what is it used for?
The data recorded as part of our error reporting (model and operating system of the accessing device, version number of the app, a time specification and crash reporter key) serve to guarantee and optimise the functionality of the app. The detection and processing of errors in the app is required in order to be able to provide the app permanently and to be able to react to security problems with the required speed.
-
What is the legal basis for the processing?
Art. 6 para. 1 lit. f DSGVO (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.
-
How long will your data be stored?
The deletion of the data takes place immediately after the corresponding errors have been corrected, provided that no legal retention periods exist.
-
Your rights
You can object to the processing at any time in accordance with Article 21 of the GDPR and request the deletion of data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them in the lower section of this privacy policy.
-
Necessity of the information and consequences of failure to provide it
The provision of your personal data is not required by law or contract and is not necessary for the conclusion of a contract. Failure to provide it has no consequences.
5.7. Push Notifications:
-
-
What personal data of yours do we process and what is it used for?
Depending on the operating system (Apple or Android), an ID is assigned to your user device and stored. If the server sends a push notification to this ID, the message is automatically sent to the corresponding end device.
The transmission of messages as push messages serves to facilitate communication with the users of our app. Among other things, the user is informed via the app about innovations within the app (e.g. new posts and app functions).
-
What is the legal basis for the processing?
Art. 6 para. 1 lit. a DSGVO (consent) by your permission in the app or the settings of the mobile device.
-
How long will your data be stored?
The deletion of the data takes place immediately after the corresponding errors have been corrected, provided that no legal retention periods exist.
-
Possibility of objection and removal
You can deactivate the sending of push notifications at any time by either deactivating push notifications completely or withdrawing the corresponding authorisation from the app via the app settings. You can find out what rights you have and how to exercise them at the bottom of this privacy policy.
-
Necessity of the information and consequences of failure to provide it
The provision of your personal data is not required by law or contract and is not necessary for the conclusion of a contract. However, the use of the ID for the purpose of using push messages must be made if you wish to receive push messages. Failure to provide it may therefore result in you not being able to use the push function.
6. In-App Purchases
6.1. Apple Pay
-
-
With the "Apple Pay" payment method of Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your Apple device. The payment is released via the payment types and release mechanisms stored for the corresponding function, e.g. fingerprint, Face ID, PIN, etc.
The data is processed on the basis of Art. 6 (1) lit. b DSGVO for the purpose of payment and contract processing. The data is transmitted to Apple in encrypted form and then confirmed by Apple in such a way that we cannot draw any conclusions about the payment method used (behind Apple Pay). After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code back to us to confirm the success of the payment.
Further information on data protection with Apple Pay can be found at at https://support.apple.com/de-de/HT203027 und https://support.apple.com/de-de/HT204506.
6.2. Google Pay
-
-
With the "Google Pay" payment method of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, the payment is processed via the "Google Pay" function of your Android device. The payment is approved via the payment types and approval mechanisms stored for the corresponding function, such as fingerprint, Face ID, PIN, etc. The payment will be processed via the "Google Pay" function of your Android device.
The data is processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of payment and contract processing. Please note that for each transaction Google has the possibility to process certain information such as date, time, amount of the transaction, information about the goods etc. for its own purposes.
You can find further information on data protection with Google Pay at https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de.
7. Access to functions of your iOS end device
If you use a terminal device with an iOS operating system, the following provisions of this clause apply 7. In order to be able to use all the functions of our app, it requires access to certain functions of your end device:
-
-
Siri & Search
Our app accesses the "Siri & Search" function by default, which allows you to control the app using shortcuts from Siri. In addition, the search results in your end device are influenced by this.
-
Memory
This access is needed so that the app can cache data offline on the end device. This may be necessary, for example, when using the camera function.
-
Camera
Group and asset symbols can be uploaded using the camera.
-
Access to all networks
This allows us to use an existing internet connection (WLAN or mobile phone) to transfer data.
-
What personal data of yours do we process and what is it used for?
Personal data is only processed when using the corresponding app functions. The specific processing of your personal data is listed with the respective app function. The purpose of the data processing is to enable you to use our app and its individual functions in a customer-friendly manner. Furthermore, the processing of your personal data serves the functionality of the app and the provision of the best possible user comfort.
-
Legal basis for the processing of personal data
Art. 6 para. 1 lit. a DSGVO (consent). The app only obtains access to your personal data with your express consent when using corresponding app functions.
In addition, individual functions (use of the device memory to store contents of the app) are partly necessary for the performance of the contract (Art. 6 para. 1 lit. b DSGVO).
-
How long will your data be stored?
Access to the respective device functions is required in each case during the use of our app. If data is collected in addition, for example when exporting or downloading files to the storage space of your end device, these files are generally stored until you manually delete the files.
-
Possibility of objection and removal
You can revoke your consent at any time or object to the use of the permissions by withdrawing the corresponding permissions from the app in the app settings of your operating system. You can switch access to the permissions of your end device on or off for most end devices in the "Settings" under "Apps". Please note that deactivating access rights may have a negative impact on the functionality of the app. You can find out which rights you are entitled to and how to exercise them in the lower section of this privacy policy.
8. Access to functions of your Android terminal
In order to be able to use all the functions of the app under Android, the app requires access to certain functions of your end device. The app requires the following permissions. Please note that the following access rights require your active consent. These functions cannot be used without your express consent (during installation or at a later time in the app).
-
-
Memory:
This access is needed so that the app can cache data offline on the end device. This may be necessary, for example, when using the camera function.
-
Camera
Group and asset symbols can be uploaded using the camera.
-
What personal data of yours do we process and what is it used for?
Access is required exclusively for the use of the app's functions. The specific use is listed with the respective function.
The primary purpose of data collection and processing is to provide you with a customer-friendly way to use the APP and its individual functions. Through the user interactions enabled by this, you can use all the functions.
-
Legal basis for the processing of personal data
If you expressly consent to the access to device functions, the legal basis for the use of this function is Art. 6 para. 1 lit. a DSGVO (consent through clear confirming action or behaviour).
-
How long will your data be stored?
Access to the respective device functions is required while using the app. If data is also collected, for example when exporting or downloading files to the storage space of your end device, these files are generally stored until you manually delete the files.
-
Possibility of objection and removal
You can revoke your consent at any time or object to the use of the permissions by withdrawing the corresponding permissions from the app in the app settings of your operating system. You can switch access to the permissions of your end device on or off for most end devices in the "Settings" under "Apps". Please note that deactivating access rights may have a negative impact on the functionality of the app. You can find out which rights you are entitled to and how to exercise them in the lower section of this privacy policy.
9. Access to functions of your Android end device that do not depend on your consent
In order to be able to use all the functions of the app under Android, the app requires access to certain functions of your end device. The app requires the following permissions:
-
-
Access to all networks
This allows us to use an existing internet connection (WLAN or mobile phone) to transfer data.
-
What personal data of yours do we process and what is it used for?
Access is required exclusively for the use of the app's functions. The specific use is listed with the respective function.
The primary purpose of data collection and processing is to provide you with an opportunity to use the APP and its individual functions in a customer-friendly way and to prove that the step target has been reached. The user interactions enabled by this will allow you to use all the functions.
-
Legal basis for the processing of personal data
In addition, the processing serves the functionality of the app and the provision of the best possible user comfort as well as, in particular, the generation of the code with which the achievement of the step goal can be proven. This is necessary for the fulfilment of the contract (Art. 6 para. 1 lit b) DSGVO).
-
How long will your data be stored?
Access to the respective device functions is required in each case during the use of the app. Insofar as further data is collected, for example when using the voice input, the duration of the storage results from the respective regulations on the special functions of the app that use this authorisation.
-
Possibility of objection and removal
The options for objection and removal are based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.
10. Google Firebase
We use Google Firebase tools to collect data to analyse app usage.
-
-
What data is collected and to what extent is it processed?
In our app, we use services of Google LL.C, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its subsidiary Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (hereinafter: Google). The services in question are Firebase Cloud Messaging and Crashlytics.
You can find more information on Google's data protection at https://firebase.google.com/terms/analytics.
It cannot be ruled out that personal data will also be transferred by Google and its associated companies to countries outside the EU, in particular to the USA. There is potentially a small risk that US authorities could access the data.
Firebase Cloud Messaging uses the Firebase installation IDs to determine to which devices messages should be sent.
-
What is the legal basis for the processing?
Art. 6 para. 1 lit. a DSGVO (consent), by explicit consent when using our app for sending push messages via Firebase Cloud Messaging.
-
Purpose of the data processing
Firebase Cloud Messaging uses Firebase installation IDs to determine which devices to send messages to. The person in charge can thus send push notifications specifically to the correct users.
With the help of Firebase Crashlytics, stability problems of an app can be tracked, prioritised and fixed in real time. For this purpose, technical data is collected and sent to the developers of the app. Based on the so-called UUID (a unique identification number), this data is collected from the users.
-
Duration of storage
The storage period depends on Google's regulations. You can track these at https://firebase.google.com/support/privacy
Firebase Cloud Messaging retains the Firebase installation IDs until the Firebase customer makes an API call to delete the ID. After that, the data is removed from the live and backup systems within 180 days.
-
Possibility of objection and deletion
You can revoke your consent to receive push messages via Firebase Cloud Messaging at any time in the general settings of the mobile device with effect for the future. You can also switch off push messages directly in the app settings.
For further information on data protection, please refer to Firebase's privacy policy at https://firebase.google.com/support/privacy.
-
Necessity of providing personal data
The provision of your personal data is not required by law or contract. . If you do not give your consent to use Firebase Cloud Messaging, you will not be able to receive push messages. However, you can contact us via our other contact options if you have any problems.
11. General information on contacting us by e-mail
Your personal data is - as far as possible - protected by technical and organisational measures during collection, storage and processing in such a way that it is not accessible to unauthorised third parties.
Please note that in the case of unencrypted communication by e-mail, complete data security cannot be guaranteed on the transmission path to our IT systems, so that we expressly recommend encrypted communication or the postal service for information requiring a high level of confidentiality.
When transmitting by e-mail, the following risks, among others, exist:
-
-
personal data could be disclosed to third parties without authorisation because the e-mail address is not correct.
-
They have no information on the receiving side, e.g. in which office any receiving device is located and which or how many employees have access to it.
-
Due to the transmission of data by e-mail via several distributed intermediate points, without encryption there is basically a possibility of access for unauthorised third parties Right to information and correction requests - Deletion & restriction of data - Revocation of consent - Right of objection
12. Your rights
-
12.1. Right to information
-
-
You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you have the right to be informed of the information specified in Art. 15 (1) of the GDPR, insofar as the rights and freedoms of other persons are not affected (cf. Art. 15 (4) of the GDPR). We will also be happy to provide you with a copy of the data.
-
12.2. Right of rectification
-
-
Pursuant to Art. 16 DSGVO, you have the right to have any incorrect personal data stored with us (such as address, name, etc.) corrected at any time. You can also request that the data stored with us be completed at any time. A corresponding adjustment will be made immediately.
-
12.3. Right to erasure
-
Pursuant to Art. 17 (1) DSGVO, you have the right to demand that we delete the personal data we have collected about you if
-
the data is either no longer needed;
-
due to the revocation of your consent, the legal basis of the processing has ceased to exist without replacement;
-
you have objected to the processing and there are no legitimate grounds for processing;
-
your data is processed unlawfully;
-
a legal obligation requires this or a collection pursuant to Art. 8 (1) DSGVO has taken place.
-
Pursuant to Art. 17 (3) of the GDPR, this right does not exist if
-
the processing is necessary for the exercise of the right to freedom of expression and information;
-
Your data has been collected on the basis of a legal obligation;
-
the processing is necessary for reasons of public interest;
-
the data is necessary for the assertion, exercise or defence of legal claims.
-
12.4. Right to restrict processing
-
According to Art. 18 (1) DSGVO, you have the right in individual cases to demand the restriction of the processing of your personal data.
This is the case when
-
the accuracy of the personal data is disputed by you;
-
the processing is unlawful and you do not consent to erasure;
-
the data is no longer needed for the purpose of processing, but the data collected serves the assertion, exercise or defence of legal claims;
-
an objection to the processing has been lodged pursuant to Art. 21 (1) DSGVO and it is still unclear which interests prevail.
-
12.5. Right of revocation
-
If you have given us express consent to process your personal data (Art. 6 para. 1 lit. a DSGVO), you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
-
12.6. Right to object
-
In accordance with Art. 21 DSGVO, you have the right to object at any time to the processing of personal data relating to you that has been collected on the basis of Art. 6 Para. 1 lit. f (in the context of a legitimate interest). You only have this right if there are special circumstances against the storage and processing.
-
12.7. Right to data portability
-
Pursuant to Art. 20 DSGVO, you have a right to the transmission of the personal data concerning you. We will provide the data in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.
We will provide you with the following data upon request pursuant to Art. 20 para. 1 DSGVO:
-
Data collected on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO;
-
Data that we have received from you in accordance with Art. 6 Para. 1 lit. b DSGVO within the framework of existing contracts and
-
the data have been processed within the framework of an automated procedure.
We will transfer the personal data directly to a data controller of your choice as far as this is technically feasible. Please note that we are not permitted to transfer data that interferes with the freedoms and rights of other persons pursuant to Art. 20 (4) of the GDPR.
-
12.8. How do you exercise your rights?
-
You can exercise your rights at any time by contacting us using the contact details below:
Beyond X Labs GmbH, Wallstr. 8, 60594 Frankfurt, Germany
E-mail: [email protected], Tel.: +49(0)69 90754800
13. Right to complain to the supervisory authority pursuant to Art. 77 para. 1 DSGVO
If you suspect that your data is being processed illegally on our site, you can of course have the issue clarified by the courts at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Art. 77 (1) DSGVO. The right of complaint pursuant to Art. 77 DSGVO is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the places mentioned above. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The purpose of this privacy policy is to inform you about the processing of your personal data that we collect from you when you visit our website. Our data protection practice is in accordance with the legal regulations of the EU's General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG). The following data protection declaration serves to fulfil the information obligations resulting from the DSGVO. These can be found, for example, in Art. 13 and Art. 14 ff. DSGVO.
In the following, we explain the most important terms of the GDPR in accordance with Art. 4 of the GDPR and the processing of social data in accordance with the Social Code, which are mentioned in the following data protection declaration.
-
-
Personal data is any information relating to an identified or identifiable natural person (hereinafter: data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number. Personal data are e.g. name, contact details, job title.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of personal data.
Restriction of processing is the marking of stored personal data with the aim of limiting your future processing.
Anonymisation is when information does not relate to an identified or identifiable natural person, or personal data has been anonymised in such a way that the data subject cannot be identified or can no longer be identified.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable person.
A controller is any natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party.
Third party means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent of a data subject is any freely given, specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her. If we require consent to process your data, you will find this declaration of consent at the relevant point on the website. There you will also find further information on the processing of the data processed within the scope of the consent.
-
The controller within the meaning of Art. 4 No. 7 DSGVO is the person who alone or jointly with others determines the purposes and means of the processing of personal data.
provider of the app and is responsible under data protection law:
Beyond X Labs GmbH, Wallstr. 8, 60594 Frankfurt, Germany
E-Mail: [email protected], Tel.: +49(0)69 90754800
In order to make the operation of our platform as secure as possible, we work together with additional service providers on the basis of order processing contracts within the meaning of Art. 28 DSGVO.
The app is hosted on our behalf and technically supported by:
- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg
It cannot be ruled out that personal data of the European offshoot of Amazon and its affiliated companies will also be transferred to states outside the EU, in particular to the USA. There, it is possible that government authorities can access the data even without a court order. You can find more information on how Amazon handles your data athttps://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.
In addition, the apps are hosted by the respective app store provider. The data protection regulations communicated by the app store operator apply.
When you download our app, certain information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store). In particular, the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the Mac address (Media Access Control) may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.
Each time you visit our website, our system automatically collects data and information from the device (e.g. computer, mobile phone, tablet, etc.).
5.1. What personal data of yours do we process and what is it used for?
-
-
(1) Information about the app and the version used
The operating system, the system version and the device ID as well as the manufacturer of the retrieval device
(3) The IP address as well as the MAC address of the retrieval device
(4) Date and time of access
(5) A unique ID to recognise the user
This data is stored in the log files of our system. This data is not stored together with further personal data of a specific user, so that individual website or app visitors are not identified. The data enables us to monitor and improve the stability and availability of our app over a longer period of time. The temporary (automated) storage of the data is necessary for the course of app use in order to enable the delivery of the app's content.
The storage and processing of personal data is also carried out to maintain the compatibility of our app for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the retrieving end device in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our app.
-
5.2. Legal basis for the processing of personal data
-
-
Art. 6 para. 1 lit. f DSGVO (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described above. Without created log files, no delivery of the app can take place, as the data is required, among other things, for the delivery of the content.
-
5.3. Duration of storage
-
-
The data is deleted when it is no longer needed to ensure the compatibility of the app for all visitors. This is the case no later than 3 months after the app has been used. The entry of the data requires the existence of a user account. Registration is not possible if the data you enter is incorrect. If the data you enter is incorrect or not entered at all, the protected area cannot be used. However, the rest of the site can still be used without a login.
-
Who gets access to your data?
The personal data you enter during registration will only be processed by the app provider. However, if you join a group, we will transmit the personal data you entered during registration (surname, first name and email address) to the group administrator existing within the group so that the group administrator can manage the group. The data is necessary for the group administrator to contact existing users of his group and - where necessary - to identify or assign them.
-
5.4. User list of the group
-
-
What personal data of yours do we process and what is it used for?
Within the framework of group administration, the group creator or group admin can manage (delete, view) the users who have joined via the group code. The group creator or group admin has access to the name and the stored e-mail address in order to uniquely identify the user. This information enables him to determine which users are actually authorised to participate in the group. They can also remove individual users.
-
What is the legal basis for the processing?
The collection and processing of the data is based on Art. 6 para. 1 lit. b DSGVO (implementation of (pre)contractual measures). In order for the group admin to be able to manage and identify the users, we must provide him with the relevant information.
-
How long will your data be stored?
The user's data is stored in the group for as long as the user is a member of a group. The admin no longer has access to the information after the user leaves the group or deletes the user account.
-
Possibility of objection and removal
You can find out what rights you have and how to exercise them at the bottom of this privacy statement.
-
Necessity of the information and consequences of failure to provide it
Joining a group is neither contractual nor legally required. If the user does not join a group, the data will not be transmitted. However, he or she will then also not be able to participate in the group and the shared content.
-
5.5. Statistical evaluations and contract management through the app
-
-
What personal data of yours do we process and what is it used for?
All personal data collected via the APP, such as login data, e-mail addresses, group memberships, booked and reserved assets, provided assets, etc., will be processed by the operator of the APP to enable you to interact with the app. In addition, the responsible party will prepare the data for statistical purposes and process it internally. The data will also be partially anonymised.
-
What is the legal basis for the processing?
The legal basis for the processing is the usage contract with regard to the app. The processing serves the fulfilment of the contract according to Art. 6 para. 1 lit. b DSGVO. The anonymisation of the data is also carried out in the legitimate interest of the operator of the app in accordance with Art. 6 para. 1 lit. f DSGVO.
-
How long will your data be stored?
Anonymised data is generally kept indefinitely. All other data is deleted when the user closes his or her user account and there are no longer any legal retention obligations.
-
Possibility of objection and removal
You can find out what rights you have and how to exercise them at the bottom of this privacy statement.
-
Necessity of the information and consequences of failure to provide it
The information is necessary to be able to use the app and is contractually required. Failure to provide this information means that the app cannot be used or can only be used to a limited extent.
-
5.6. Error reporting
-
-
What personal data of yours do we process and what is it used for?
The data recorded as part of our error reporting (model and operating system of the accessing device, version number of the app, a time specification and crash reporter key) serve to guarantee and optimise the functionality of the app. The detection and processing of errors in the app is required in order to be able to provide the app permanently and to be able to react to security problems with the required speed.
-
What is the legal basis for the processing?
Art. 6 para. 1 lit. f DSGVO (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.
-
How long will your data be stored?
The deletion of the data takes place immediately after the corresponding errors have been corrected, provided that no legal retention periods exist.
-
Your rights
You can object to the processing at any time in accordance with Article 21 of the GDPR and request the deletion of data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them in the lower section of this privacy policy.
-
Necessity of the information and consequences of failure to provide it
The provision of your personal data is not required by law or contract and is not necessary for the conclusion of a contract. Failure to provide it has no consequences.
-
5.7. Push Notifications:
-
-
What personal data of yours do we process and what is it used for?
Depending on the operating system (Apple or Android), an ID is assigned to your user device and stored. If the server sends a push notification to this ID, the message is automatically sent to the corresponding end device.
The transmission of messages as push messages serves to facilitate communication with the users of our app. Among other things, the user is informed via the app about innovations within the app (e.g. new posts and app functions).
-
What is the legal basis for the processing?
Art. 6 para. 1 lit. a DSGVO (consent) by your permission in the app or the settings of the mobile device.
-
How long will your data be stored?
The deletion of the data takes place immediately after the corresponding errors have been corrected, provided that no legal retention periods exist.
-
Possibility of objection and removal
You can deactivate the sending of push notifications at any time by either deactivating push notifications completely or withdrawing the corresponding authorisation from the app via the app settings. You can find out what rights you have and how to exercise them at the bottom of this privacy policy.
-
Necessity of the information and consequences of failure to provide it
The provision of your personal data is not required by law or contract and is not necessary for the conclusion of a contract. However, the use of the ID for the purpose of using push messages must be made if you wish to receive push messages. Failure to provide it may therefore result in you not being able to use the push function.
-
6.1. Apple Pay
-
-
With the "Apple Pay" payment method of Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your Apple device. The payment is released via the payment types and release mechanisms stored for the corresponding function, e.g. fingerprint, Face ID, PIN, etc.
The data is processed on the basis of Art. 6 (1) lit. b DSGVO for the purpose of payment and contract processing. The data is transmitted to Apple in encrypted form and then confirmed by Apple in such a way that we cannot draw any conclusions about the payment method used (behind Apple Pay). After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code back to us to confirm the success of the payment.
Further information on data protection with Apple Pay can be found at at https://support.apple.com/de-de/HT203027 und https://support.apple.com/de-de/HT204506.
-
6.2. Google Pay
-
-
With the "Google Pay" payment method of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, the payment is processed via the "Google Pay" function of your Android device. The payment is approved via the payment types and approval mechanisms stored for the corresponding function, such as fingerprint, Face ID, PIN, etc. The payment will be processed via the "Google Pay" function of your Android device.
The data is processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of payment and contract processing. Please note that for each transaction Google has the possibility to process certain information such as date, time, amount of the transaction, information about the goods etc. for its own purposes.
You can find further information on data protection with Google Pay at https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de.
-
If you use a terminal device with an iOS operating system, the following provisions of this clause apply 7. In order to be able to use all the functions of our app, it requires access to certain functions of your end device:
-
-
Siri & Search
Our app accesses the "Siri & Search" function by default, which allows you to control the app using shortcuts from Siri. In addition, the search results in your end device are influenced by this.
-
Memory
This access is needed so that the app can cache data offline on the end device. This may be necessary, for example, when using the camera function.
-
Camera
Group and asset symbols can be uploaded using the camera.
-
Access to all networks
This allows us to use an existing internet connection (WLAN or mobile phone) to transfer data.
-
What personal data of yours do we process and what is it used for?
Personal data is only processed when using the corresponding app functions. The specific processing of your personal data is listed with the respective app function. The purpose of the data processing is to enable you to use our app and its individual functions in a customer-friendly manner. Furthermore, the processing of your personal data serves the functionality of the app and the provision of the best possible user comfort.
-
Legal basis for the processing of personal data
Art. 6 para. 1 lit. a DSGVO (consent). The app only obtains access to your personal data with your express consent when using corresponding app functions.
In addition, individual functions (use of the device memory to store contents of the app) are partly necessary for the performance of the contract (Art. 6 para. 1 lit. b DSGVO).
-
How long will your data be stored?
Access to the respective device functions is required in each case during the use of our app. If data is collected in addition, for example when exporting or downloading files to the storage space of your end device, these files are generally stored until you manually delete the files.
-
Possibility of objection and removal
You can revoke your consent at any time or object to the use of the permissions by withdrawing the corresponding permissions from the app in the app settings of your operating system. You can switch access to the permissions of your end device on or off for most end devices in the "Settings" under "Apps". Please note that deactivating access rights may have a negative impact on the functionality of the app. You can find out which rights you are entitled to and how to exercise them in the lower section of this privacy policy.
-
In order to be able to use all the functions of the app under Android, the app requires access to certain functions of your end device. The app requires the following permissions. Please note that the following access rights require your active consent. These functions cannot be used without your express consent (during installation or at a later time in the app).
-
-
Memory:
This access is needed so that the app can cache data offline on the end device. This may be necessary, for example, when using the camera function.
-
Camera
Group and asset symbols can be uploaded using the camera.
-
What personal data of yours do we process and what is it used for?
Access is required exclusively for the use of the app's functions. The specific use is listed with the respective function.
The primary purpose of data collection and processing is to provide you with a customer-friendly way to use the APP and its individual functions. Through the user interactions enabled by this, you can use all the functions.
-
Legal basis for the processing of personal data
If you expressly consent to the access to device functions, the legal basis for the use of this function is Art. 6 para. 1 lit. a DSGVO (consent through clear confirming action or behaviour).
-
How long will your data be stored?
Access to the respective device functions is required while using the app. If data is also collected, for example when exporting or downloading files to the storage space of your end device, these files are generally stored until you manually delete the files.
-
Possibility of objection and removal
You can revoke your consent at any time or object to the use of the permissions by withdrawing the corresponding permissions from the app in the app settings of your operating system. You can switch access to the permissions of your end device on or off for most end devices in the "Settings" under "Apps". Please note that deactivating access rights may have a negative impact on the functionality of the app. You can find out which rights you are entitled to and how to exercise them in the lower section of this privacy policy.
-
In order to be able to use all the functions of the app under Android, the app requires access to certain functions of your end device. The app requires the following permissions:
-
-
Access to all networks
This allows us to use an existing internet connection (WLAN or mobile phone) to transfer data.
-
What personal data of yours do we process and what is it used for?
Access is required exclusively for the use of the app's functions. The specific use is listed with the respective function.
The primary purpose of data collection and processing is to provide you with an opportunity to use the APP and its individual functions in a customer-friendly way and to prove that the step target has been reached. The user interactions enabled by this will allow you to use all the functions.
-
Legal basis for the processing of personal data
In addition, the processing serves the functionality of the app and the provision of the best possible user comfort as well as, in particular, the generation of the code with which the achievement of the step goal can be proven. This is necessary for the fulfilment of the contract (Art. 6 para. 1 lit b) DSGVO).
-
How long will your data be stored?
Access to the respective device functions is required in each case during the use of the app. Insofar as further data is collected, for example when using the voice input, the duration of the storage results from the respective regulations on the special functions of the app that use this authorisation.
-
Possibility of objection and removal
The options for objection and removal are based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.
-
We use Google Firebase tools to collect data to analyse app usage.
-
-
What data is collected and to what extent is it processed?
In our app, we use services of Google LL.C, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and its subsidiary Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (hereinafter: Google). The services in question are Firebase Cloud Messaging and Crashlytics.
You can find more information on Google's data protection at https://firebase.google.com/terms/analytics.
It cannot be ruled out that personal data will also be transferred by Google and its associated companies to countries outside the EU, in particular to the USA. There is potentially a small risk that US authorities could access the data.
Firebase Cloud Messaging uses the Firebase installation IDs to determine to which devices messages should be sent.
-
What is the legal basis for the processing?
Art. 6 para. 1 lit. a DSGVO (consent), by explicit consent when using our app for sending push messages via Firebase Cloud Messaging.
-
Purpose of the data processing
Firebase Cloud Messaging uses Firebase installation IDs to determine which devices to send messages to. The person in charge can thus send push notifications specifically to the correct users.
With the help of Firebase Crashlytics, stability problems of an app can be tracked, prioritised and fixed in real time. For this purpose, technical data is collected and sent to the developers of the app. Based on the so-called UUID (a unique identification number), this data is collected from the users.
-
Duration of storage
The storage period depends on Google's regulations. You can track these at https://firebase.google.com/support/privacy
Firebase Cloud Messaging retains the Firebase installation IDs until the Firebase customer makes an API call to delete the ID. After that, the data is removed from the live and backup systems within 180 days.
-
Possibility of objection and deletion
You can revoke your consent to receive push messages via Firebase Cloud Messaging at any time in the general settings of the mobile device with effect for the future. You can also switch off push messages directly in the app settings.
For further information on data protection, please refer to Firebase's privacy policy at https://firebase.google.com/support/privacy.
-
Necessity of providing personal data
The provision of your personal data is not required by law or contract. . If you do not give your consent to use Firebase Cloud Messaging, you will not be able to receive push messages. However, you can contact us via our other contact options if you have any problems.
-
Your personal data is - as far as possible - protected by technical and organisational measures during collection, storage and processing in such a way that it is not accessible to unauthorised third parties.
Please note that in the case of unencrypted communication by e-mail, complete data security cannot be guaranteed on the transmission path to our IT systems, so that we expressly recommend encrypted communication or the postal service for information requiring a high level of confidentiality.
When transmitting by e-mail, the following risks, among others, exist:
-
-
personal data could be disclosed to third parties without authorisation because the e-mail address is not correct.
-
They have no information on the receiving side, e.g. in which office any receiving device is located and which or how many employees have access to it.
-
Due to the transmission of data by e-mail via several distributed intermediate points, without encryption there is basically a possibility of access for unauthorised third parties Right to information and correction requests - Deletion & restriction of data - Revocation of consent - Right of objection
-
-
12.1. Right to information
-
-
You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you have the right to be informed of the information specified in Art. 15 (1) of the GDPR, insofar as the rights and freedoms of other persons are not affected (cf. Art. 15 (4) of the GDPR). We will also be happy to provide you with a copy of the data.
-
-
12.2. Right of rectification
-
-
Pursuant to Art. 16 DSGVO, you have the right to have any incorrect personal data stored with us (such as address, name, etc.) corrected at any time. You can also request that the data stored with us be completed at any time. A corresponding adjustment will be made immediately.
-
-
12.3. Right to erasure
-
Pursuant to Art. 17 (1) DSGVO, you have the right to demand that we delete the personal data we have collected about you if
-
the data is either no longer needed;
-
due to the revocation of your consent, the legal basis of the processing has ceased to exist without replacement;
-
you have objected to the processing and there are no legitimate grounds for processing;
-
your data is processed unlawfully;
-
a legal obligation requires this or a collection pursuant to Art. 8 (1) DSGVO has taken place.
-
Pursuant to Art. 17 (3) of the GDPR, this right does not exist if
-
the processing is necessary for the exercise of the right to freedom of expression and information;
-
Your data has been collected on the basis of a legal obligation;
-
the processing is necessary for reasons of public interest;
-
the data is necessary for the assertion, exercise or defence of legal claims.
-
-
12.4. Right to restrict processing
-
According to Art. 18 (1) DSGVO, you have the right in individual cases to demand the restriction of the processing of your personal data.
This is the case when
-
the accuracy of the personal data is disputed by you;
-
the processing is unlawful and you do not consent to erasure;
-
the data is no longer needed for the purpose of processing, but the data collected serves the assertion, exercise or defence of legal claims;
-
an objection to the processing has been lodged pursuant to Art. 21 (1) DSGVO and it is still unclear which interests prevail.
-
-
12.5. Right of revocation
-
If you have given us express consent to process your personal data (Art. 6 para. 1 lit. a DSGVO), you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
-
12.6. Right to object
-
In accordance with Art. 21 DSGVO, you have the right to object at any time to the processing of personal data relating to you that has been collected on the basis of Art. 6 Para. 1 lit. f (in the context of a legitimate interest). You only have this right if there are special circumstances against the storage and processing.
-
12.7. Right to data portability
-
Pursuant to Art. 20 DSGVO, you have a right to the transmission of the personal data concerning you. We will provide the data in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.
We will provide you with the following data upon request pursuant to Art. 20 para. 1 DSGVO:
-
Data collected on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO;
-
Data that we have received from you in accordance with Art. 6 Para. 1 lit. b DSGVO within the framework of existing contracts and
-
the data have been processed within the framework of an automated procedure.
We will transfer the personal data directly to a data controller of your choice as far as this is technically feasible. Please note that we are not permitted to transfer data that interferes with the freedoms and rights of other persons pursuant to Art. 20 (4) of the GDPR.
-
-
12.8. How do you exercise your rights?
-
You can exercise your rights at any time by contacting us using the contact details below:
Beyond X Labs GmbH, Wallstr. 8, 60594 Frankfurt, Germany
E-mail: [email protected], Tel.: +49(0)69 90754800
If you suspect that your data is being processed illegally on our site, you can of course have the issue clarified by the courts at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Art. 77 (1) DSGVO. The right of complaint pursuant to Art. 77 DSGVO is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the places mentioned above. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.