1 Preliminary Remarks
a) Version History
|
Date |
Version |
Description |
|
19.12.2024 |
0.1 |
First Version DSB |
b) Responsibilty of Revision of this Document
The Data Protection Officer is responsible for the maintenance and further development of this document.
c) Scope of Application
This document applies to the Flockr mobile application.
2 General information and principles of data processing
We are pleased that you are visiting our website or using our services. The protection of your privacy and the protection of your personal data, so-called personal data, when using our website and our services is important to us.
According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address.
Data that cannot be linked to your person, such as anonymized data, is not personal data. Processing (e.g. collection, storage, retrieval, consultation, use, transmission, erasure or destruction) in accordance with Art. 4 No. 2 GDPR always requires your consent or another legal basis. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.
Here you will find information about how we handle your personal data when you visit our website and the services we offer. In order to provide the functions and services, it is necessary for us to collect personal data about you.
Below you will also find information on the type and scope of the respective data processing, the purpose and the corresponding legal basis as well as the respective storage period.
This privacy policy applies only to this website and the services we offer. It does not apply to third-party websites to which we merely refer via a hyperlink. We cannot assume any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether they comply with the statutory data protection regulations. For information on how third parties handle your personal data, please refer directly to their websites.
3 Responsible Body
Responsible for the processing of personal data on this website and the services offered is:
AtWize Business Services GmbH
VAT ID DE362983234
Baaderstrasse 40
80469 München, Germany
info@atwize.com
4 Data Protection Officer
You can also contact our data protection officer at any time if you have any questions about data protection:
Dr. Georg F. Schröder, LL.M.
legal data Schröder Rechtsanwaltsgesellschaft mbH
Prannerstr. 1
80333 München, Germany
Tel: +49-89 - 954 597 520
Fax: +49-89 - 954 597 522
E-Mail:
georg.schroeder@legaldata.law
5 Provision and Use of the website/server log files
a) Type and scope of data processing
If you use this website without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data in the form of log data (so-called log files), which are automatically transmitted to our server by your terminal device, e.g:
- IP address
- Date and time of the request
- URL of the accessed subpage
- URL of the page from which you were redirected to our site (so-called referrer URL)
- Access status/HTTP status code
- Type, language and version of the browser software
- Operating system
b) Purpose and legal basis of data processing
This processing is technically necessary in order to display our website to you. We also use the data to ensure the security and stability of our website.
The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard a legitimate interest of our company.
c) Storage period
As soon as the aforementioned personal data is no longer required to display the website, it will be deleted. This is the case no later than seven days after visiting our website. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object to this aspect. Further storage may take place in individual cases if this is required by law.
6 Processing in the context of our Flockr-App
a) Type and scope of data processing
Your account information:
To create a Flockr account, you are required to provide your e-mail address, your mobile phone number and a profile name of your choice. Without this information, it is not possible to set up an account and use our services. In addition, you can enter optional details such as a profile picture, information about yourself as well as availability, meeting points, activity suggestions etc. or add an “About” description to your account.
Your messages and information are usually stored locally on your device or devices and also on our servers provided by our partner companies and are protected by appropriate measures against access by third parties.
Account and account access information
When you register or log in to our Service, we verify your Flockr account by, for example, sending you a code via SMS or email, calling you or sending you a verification link via email or SMS. In certain cases, we may ask you for additional information to ensure that you are the rightful owner of the Flockr account.
Authentication information
To verify your identity and ensure security, we store authentication codes to ensure that only you can access your account.
User options
We store data about your in-app settings, privacy options and logs of acceptance of our terms of use. You have complete control over your privacy settings. We also record whether you have activated push notifications.
Availability information:
You can decide whether you want to share your availability status. If you enter your availability and, if applicable, your current location or your suggested meeting point as well as your suggestion for an activity, this will also be shared with your availability. Availability can be recognized by features on your profile or profile picture.
Location information:
You have the option to share precise location data from your device or via your intended meeting point. You enter your location information in messages or in your availability information and share it with your Flockr contacts or one or more groups of your Flockr contacts.
Even if you do not use any location-based functions, we use automatically determined information such as IP addresses or telephone area codes to determine your approximate location (e.g. your country).
Your contacts:
You can use the contact upload to regularly provide us with the names, phone numbers and email addresses from your device's address book. This includes the data (phone numbers, emails and names) of users of our services as well as those of your other contacts. If one of your contacts does not yet use our services, this information is managed in such a way that it is not possible for us to identify them.
In addition, we collect information about users who contact you and are not stored in your device address book, as well as about users who you have blocked or who have blocked you.
Groups and flock chats:
You can create groups and flock chats (group chats), join them or be added to them by others. These groups and flock chats are then linked to your account. You have the option of giving them a name. If you do not, a default name will be generated automatically. We collect information about when groups and flock chats are created or updated.
Usage information:
We automatically collect data about your use of our services, including your activities (e.g. how and when you use our services), your interactions with other users and the timing, frequency and duration of your activities. This also includes details about the features you use, such as availability information, calls, status updates, groups or messaging features. We store timestamps, such as when you were last online, sent or received messages, as well as the time of the last update of your profile information.
Device and connection data:
We collect device and connection-specific information when you install, use or access our services. This includes your hardware model, operating system, battery status, signal strength, app version, browser information, mobile network and connection details such as Wi-Fi or mobile data usage, your mobile service provider or internet service provider (ISP), language, time zone, IP address, device operating data and device identifiers.
Customer support information and your other communications to us
When you contact us for customer support or otherwise communicate with us, you may provide us with information about your use of our services. This may include copies of your messages, additional information you deem relevant to clarify your request and your contact details (e.g. email address). For example, you can send us an email to describe problems with the app performance or other issues.
We also collect data about how you use our customer support functions. In addition, we process your responses to surveys or questions on various topics, such as what you like or dislike about our services.
Information for diagnostic and troubleshooting purposes:
We collect data about the performance of our services during your use, including service-specific information for diagnostic and performance purposes. This includes log files, timestamps, crash data, website performance logs and error reports.
b) Purpose and legal basis of data processing
- on the basis of express consent (Art. 6 para. 1 lit. a) GDPR) - e.g. pseudonymous cookie IDs for personalized advertising, e-mail addresses for sending newsletters,
- for the fulfillment of a contractual relationship (Art. 6 para. 1 lit. b) GDPR) - e.g. billing and payment data, booked services
- to fulfill legal obligations (Art. 6 para. 1 lit. c) GDPR) - e.g. order confirmations and invoices,
- to safeguard our so-called legitimate interests (Art. 6 para. 1 lit. f) GDPR); in this case, we will inform you in each case what our legitimate interest in data processing is - e.g. technical data to ensure system security.
c) Storage period
The data will be deleted as soon as it is no longer required for the purpose of its processing. If such retention obligations exist, we will block or delete your data when these statutory retention periods expire.
If you delete your account with us, your data will initially be blocked for further use and deleted after the statutory retention periods have expired.
7 Contact Form
a) Type and scope of data processing
On our website, we give you the opportunity to contact us using a form provided. As part of the process of sending your request via the contact form, reference is made to this privacy policy to obtain your consent.
If you use the contact form, the following personal data may be processed by you:
- Customer number
- title
- First name
- Surname
- Title
- Postal address
- Postal code
- Town
- Country
- e-mail address
- Telephone number
- Subject
- Content of the message
When using the contact form, your personal data will not be passed on to third parties.
b) Purpose and legal basis
The purpose of providing your contact details is to be able to respond to your request.
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a) GDPR, which you can revoke at any time for the future.
c) Storage period
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request).
Mandatory statutory provisions - in particular retention periods under the German Commercial Code (HGB) or the German Fiscal Code (AO) - remain unaffected by this.
8 Contact options by e-mail
a) Type and scope of data processing
You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account you use to contact us, the metadata (time stamp, other recipients) and any personal data you provide when contacting us.
Please note that e-mails are always sent unencrypted and therefore it cannot be ruled out that third parties may gain knowledge of them. You can also contact us by post at any time.
b) Purpose and legal basis
The purpose of data processing is to respond to your request appropriately. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. There is a legitimate interest in processing the above-mentioned personal data to process your request.
c) Storage period
The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted regularly if the purpose of the communication no longer applies and storage is no longer required due to statutory retention obligations. This may result, for example, from the processing of your request.
9 Application options
a) Type and scope of data processing
You can apply to us by e-mail. When you apply, we collect and store the data that you send us by e-mail (see also section 10 of this privacy policy).
b) Purpose and legal basis of data processing
We only process your data for the purpose of processing your application. Your data will not be passed on to third parties. The legal basis for the processing is Art. 88 para. 1 GDPR in conjunction with § Section 26 para. 1 BDSG. If, in the event of a rejection, you give us your consent to the further storage of your data so that we can return to your application in the future if necessary, the legal basis is Art. 6 para. 1 lit. a) GDPR.
c) Storage period
If we are unable to offer you a position, we will store your data for a maximum of six months after the end of the application process, taking into account Section 61b (1) ArbGG in conjunction with Section 15 AGG. § 15 AGG. The start of the period is the receipt of the rejection letter.
If you have given us your consent to include you in our applicant pool, we will store your data for a maximum of two years.
d) Data transfer
Your data will only be received by the bodies involved in the decision (responsible personnel or specialist departments, management).
In addition, we may be obliged by law, official or court order to transfer your data to public bodies (e.g. public prosecutor's office, police, supervisory authorities, tax office, social security institutions, etc.).
Other data recipients may be those bodies for which you have given us your consent to transfer data.
10 Use of Cookies
We use cookies. Cookies are small files that are stored on your computer and saved by your browser. Some functions of our services cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, enable us to perform various analyses. For example, some cookies can recognize the browser you are using when you visit our services again and transmit various information to us. We use cookies to facilitate and improve the use of our services. Among other things, cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our services and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. Various types of cookies are used in our services, the nature and function of which we would like to explain below.
Temporary cookies / session cookies
Our website uses so-called temporary cookies or session cookies, which are automatically deleted as soon as you close your browser. With the help of this type of cookie, it is possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognize your device when you visit the website at a later date. These session cookies expire at the end of the session.
Persistent cookies
So-called persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can delete permanent cookies yourself via your browser settings.
Legal basis and storage period
Due to the purposes of use described, the legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice (“cookie banner”) provided by us on the website, the legal basis is Art. 6 para. 1 lit. a) GDPR.
As soon as the data transmitted to us via the cookies is no longer required for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.
Configuration of the browser settings
Most web browsers are preset to accept cookies automatically. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may then no longer be able to use all the functions of our website.
You can also use your browser settings to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored. As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the corresponding configuration options. Deactivating the use of cookies may require the storage of a permanent cookie on your computer. If you delete this cookie, you will need to set it again for it to take effect again. You can find more information on configuring the cookie settings in the respective browsers at
- Edge
- Safari
- Chrome
- Firefox
- Opera
Cookie categories
We use the following categories of cookies:
a) Necessary cookies
Necessary cookies ensure functions without which our website cannot be used as intended. These strictly necessary cookies are used, for example, to ensure that logged-in users remain logged in at all times when accessing various subpages. These are so-called first-party cookies, which are only set and used by us. These cookies do not require consent. You can deactivate cookies in your browser at any time.
b) Functional cookies
With the help of functional cookies, we can also extend the functionality of our site to show you additional useful information or to optimize the presentation of our site. The data collected using such cookies may vary depending on the purpose of the cookie and is listed directly with the respective tool used.
c) Statistics cookies
Statistics cookies can be used to collect information about the use of a website in order to improve its attractiveness, content and functionality. This concerns, for example, the time spent on the page, the subpages accessed and the functions used (click behavior).
d) Marketing cookies
Marketing cookies can be used to display interest-based advertising to website visitors and to measure the effectiveness of advertising campaigns. With the help of these cookies, visitors can be recognized on other websites and shown personalized ads there.
11 Social Networks
We link to our presence on social networks on this website. When you visit our website, no data is transmitted to the operator of the respective social network, but only when you actively follow the link to our profile on the respective social network or click on the social plugin. The following data categories, among others, are processed by the respective social network
- IP address
- Date, time
- Visited website
If you are logged into your user account of the respective network when you visit our profile page on a social network, the operator of the social network may be able to assign the information collected from the specific visit to your personal account.
If you interact via a “Share” or “Like” button of the respective network, this information can also be assigned to the user's personal account and possibly published.
If you want to prevent the information collected from being directly assigned to your user account, you must log out of the respective social network before accessing our profile page or before using the social plugin.
You can also configure the user account with the respective social network accordingly.
If you access our profile page on a social network, the operator of the social network may also place cookies on your device, regardless of whether you have an account with the network or whether you are logged in there. Cookies are data packets that mark the user's end device with a specific identifier. Cookies are primarily used to display personalized advertising to visitors to social networks, including our profile pages. This is done, for example, by displaying ads from the social network's advertising partners whose websites the user has previously visited on the pages of the social network. Cookies also enable us to compile statistics on the use of our profile page (e.g. number of page views, user categories). If we receive such statistical analyses from the operator of the social network, the data is anonymized by the operator beforehand, i.e. it is not possible for us to assign usage data to an individual user.
The purpose of processing your data on our profile page on the respective social network is to provide information about our offers and services and to respond to any inquiries on our profile page. The legal basis for the processing is Art. 6 para. 1 f) GDPR. In this respect, public relations work is covered by our legitimate interests within the meaning of the provision. If you use a social plugin integrated by us, the legal basis is your consent in accordance with Art. 6 para. 1 a) GDPR.
We delete private messages that you send us via social networks 2 years after the last communication with you. We generally leave public posts from you (e.g. in our timeline) published permanently until you expressly request their deletion.
We have no influence on which data is collected and transmitted by the operator of the social network, to which third party recipients the data is transmitted by the operator of the social network and how long the data is stored by the operator of the social network. Please refer to the privacy policy of the respective social network.
We reserve the right to delete illegal content published by users on our profile page on the respective social network, e.g. copyright infringements or statements relevant under criminal law.
According to the case law of the European Court of Justice, we are jointly responsible with the operator of the respective social network for the operation of our profile page or the social plugin with regard to compliance with data protection regulations. In this context, the operator of the social network provides the associated IT infrastructure and the website of the social network and is generally the primary point of contact when it comes to the processing of your data on the pages of the social network (e.g. information or deletion). However, you can also assert your legal rights against us. In this case, we will forward your requests to the operator of the social network.
In the case of US providers (LinkedIn, YouTube), data is transferred to the USA. By concluding so-called EU standard contractual clauses, these providers have undertaken to comply with a level of data protection that essentially corresponds to the European level. TikTok may also transfer personal data outside the European Economic Area (EEA) on the basis of EU standard contractual clauses.
Please note, however, that the existence of an appropriate data protection standard for providers outside the EU / EEA - even in the case of the conclusion of EU standard contractual clauses - cannot be guaranteed in every case.
We integrate the following social networks on our website through links:
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 D02 AD98, Ireland
https://www.linkedin.com/legal/privacy-policy/
YouTube:
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland
https://policies.google.com/privacy?hl=de
Xing:
Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
https://privacy.xing.com/de/datenschutzerklaerung
12 Data transmission
We only pass on your personal data to third parties if:
· you have given your express consent to this in individual cases in accordance with Art. 6 para. 1 lit. a) GDPR;
· this is permitted by law and required in accordance with Art. 6 (1) (b) GDPR for the performance of a contractual relationship with you or the implementation of pre-contractual measures (e.g. to payment, shipping, delivery or collection service providers);
· there is a legal obligation to disclose data in accordance with Art. 6 para. 1 lit. c) GDPR (e.g. to authorities, social security institutions, health insurance funds, supervisory authorities and law enforcement authorities)
· the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is necessary to safeguard legitimate company interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data (e.g. to debt collection service providers);
· we use external service providers (so-called processors) for processing in accordance with Art. 28 GDPR, who process data in accordance with our instructions and are obliged to handle your data carefully (e.g. in the areas of IT or marketing).
Sharing with other users
We share your profile information with other users as part of our services. Further information on this can be found in the description of our services in our General Terms and Conditions.
Transfer to third countries
When transferring to external bodies in third countries, i.e. outside the European Union (EU) or the contracting states of the Agreement on the European Economic Area (EEA), we ensure that these bodies treat your personal data with the same care as within the EU or the EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data through contractual agreements or other suitable guarantees.
If we use service providers in the USA, data is transferred to the USA on the basis of the European Commission's new adequacy decision on the EU-US Privacy Framework, provided that the US company in question has joined the EU-US Privacy Framework and is certified accordingly. This certification confirms that the required data protection regulations and practices are complied with by the US company. If the service provider used is not or not yet certified, data will be exchanged during the transition period on the basis of the standard contractual clauses.
The list of certified companies can be found here:
https://www.dataprivacyframework.gov/s/participant-search
13 Data security and security measures
We are committed to protecting your privacy and treating your personal data confidentially. To this end, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.
These include the use of recognized encryption methods (SSL or TLS). However, data disclosed without encryption, for example by unencrypted e-mail, may be read by third parties. We have no influence over this. It is the responsibility of the user to protect the data provided by them against misuse by means of encryption or in any other way.
14 Changes to the Privacy Policy
We reserve the right to update this declaration at any time if necessary.
15 Your Legal Rights
a) Right to withdraw your consent under data protection law pursuant to Art. 7 para. 3 sentence 1 GDPR
You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to the point of withdrawal.
b) Right to information in accordance with Art. 15 GDPR
You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.
c) Right to rectification and completion pursuant to Art. 16 GDPR
You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
d) Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR
You have the right to erasure if the processing is not necessary. This is the case, for example, if your data is no longer required for the original purposes, if you have revoked your declaration of consent under data protection law or if the data has been processed unlawfully.
For security reasons and to avoid unintentional deletion of the account, you can carry out the deletion yourself in your account. You must be logged in to your account for the deletion.
e) Right to restriction of processing in accordance with Art. 18 GDPR
You have a right to restriction of processing, e.g. if you believe that the personal data is incorrect.
f) Right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
g) Right to object pursuant to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you.
In the case of direct advertising, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
h) Automated decision-making in individual cases including profiling in accordance with Art. 22 GDPR
You have the right not to be subject to a decision based solely on automated processing - including profiling - except in the exceptional cases mentioned in Art. 22 GDPR.
A decision based solely on automated processing - including profiling - does not take place.
i) Complaint to a data protection supervisory authority pursuant to Art. 77 GDPR
You can also lodge a complaint with a data protection supervisory authority at any time, for example if you are of the opinion that the data processing does not comply with data protection regulations.
In any case, especially in case of discrepancies between the versions, the German version is the valid one regarding this Privacy Policy.