Privacy Policy

Google Sign-In

In our App, we provide a Single-Sign-On function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In addition to data transmission to the above-mentioned provider location, data may also be transmitted to: Google LLC, USA

If you have an account with the provider, you can use these account credentials to create a user account or register on our website.

When visiting this page, a direct connection between your browser and the provider's servers can be established through this login function, even if you don't have an account with the provider or aren't logged into one. The provider thereby receives information that you have visited our page. Any information collected (including your IP address, if applicable) is transmitted directly from your browser to a server of the provider and stored there. However, this information is not used to personally identify you and is not shared with third parties.

These data processing operations are carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in providing a user-friendly and interactive design of our online presence.

When you click the login button to register on our website using your provider account data, the provider transmits to us, exclusively based on your explicit consent pursuant to Art. 6(1)(a) GDPR, the general and publicly accessible information stored in your account (User ID, name, address, email address, age, and gender).

We store and use the data transmitted by the provider to set up a user account with the necessary data (title, first name, last name, address data, country, email address, date of birth), provided you have released this information to the provider. Conversely, based on your consent, data (e.g., information about your browsing or purchasing behavior) may be transferred from us to your account with the provider.

The given consent can be withdrawn at any time with effect for the future.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

Further information about Google's privacy policy can be found here: https://business.safety.google/privacy/

When you download our mobile app through an app store, the required information is transmitted to the app store, specifically including username, email address and customer number of your account, time of download, payment information, and the individual device identifier. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to your mobile device.

When using our mobile app, we collect the following personal data to enable comfortable use of the functions. If you wish to use our mobile app, we collect the following data that is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:

• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request
• Access status/HTTP status code
• Amount of data transferred in bytes
• Source/reference from which you accessed the page
• Browser used
• Language and version of the browser software
• Operating system used and its interface
• IP address used (if applicable: in anonymized form)

The processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our App. No transfer or other use of the data takes place. However, we reserve the right to check the aforementioned log files retrospectively if there are concrete indications of illegal use.

Furthermore, we need your unique device number (IMEI = International Mobile Equipment Identity), unique network subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), potentially MAC address for WIFI usage, and the name of your mobile device.

When contacting us (e.g., via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen in the respective contact form in the App. This data is stored and used exclusively for the purpose of responding to your inquiry or for establishing contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your inquiry. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

According to Art. 6(1)(b) GDPR, personal data continues to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen in the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the controller's address mentioned above. We store and use the data you provide for contract processing. After complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or we have reserved the right to further use data as permitted by law, about which we inform you accordingly below.

To execute contracts concluded through the App, we work with the service provider(s) listed below who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Art. 6(1)(b) GDPR.

You can register in our App by providing personal data. Which personal data is processed for registration can be seen in the input form used for registration. We use the so-called double opt-in procedure for registration, i.e., your registration is only complete once you have confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If you do not confirm within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory. You can voluntarily provide all additional information through the use of our portal.

When you use our App, we store your data necessary for contract fulfillment, including any payment method information, until you permanently delete your access. We also store the data you voluntarily provided for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6(1)(f) GDPR. Furthermore, we store all content published by you (such as public posts, bulletin board entries, guestbook entries, etc.) to operate the App. We have a legitimate interest in providing the App with complete user-generated content. The legal basis for this is Art. 6(1)(f) GDPR. When you delete your account, your statements published particularly in the forum remain visible to all readers, but your account is no longer accessible. All other data will be deleted in this case.

You can sign up to receive our push notifications. Through our push notifications, you will regularly receive information about our offered services.

To sign up, you must confirm receipt of notifications or allow them in your operating system settings. This process is documented and stored. This includes storing the time of registration and your device identification. The collection of this data is necessary so that we can display the push notifications and track processes in case of misuse, thus serving our legal protection. The processing of this data is carried out on the basis of Art. 6(1)(a) GDPR.

You can revoke your consent to the storage and use of your personal data for receiving our push notifications and the previously described statistical collection at any time with effect for the future. To revoke consent, you can unsubscribe from push notifications using the designated setting in your App settings in your operating system.

Your data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. Your data will therefore be stored for as long as the subscription to our push notifications is active.

"Advertising Identifier"

For advertising purposes, we use the so-called "Advertising Identifier" (IDFA). This is a unique, but non-personalized and non-permanent identification number for a specific device provided by iOS. The data collected via the IDFA is not linked to other device-related information. We use the IDFA to provide you with personalized advertising and to evaluate its usage. If you activate the "no ad tracking" option in iOS settings under "Privacy" - "Advertising", we can only take the following measures: measuring your interaction with banners by counting the number of times a banner is displayed without clicking on it ("frequency capping"), click-through rate, determination of unique usage ("unique user") as well as security measures, fraud prevention, and error correction. You can delete the IDFA at any time in the device settings ("Reset Ad-ID"), then a new IDFA will be created that will not be merged with previously collected data. Please note that you may not be able to use all functions of our App if you restrict the use of IDFA.

Firebase Crashlytics

For creating anonymized crash reports, we use "Firebase Crashlytics", a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland, to improve the stability and reliability of our App.

Exclusively based on your explicit consent pursuant to Art. 6(1)(a) GDPR, anonymous information is transmitted to Google's servers in the event of an app crash (app state at the time of crash, Installation UUID, crash trace, manufacturer and operating system of the phone, latest log messages). Transfers to Google LLC. in the USA are also possible. This information does not contain any personal data.

When using an iOS-based device, you can give consent in the App settings or after a crash. When using an Android-based device, you have the option during setup to generally consent to the transmission of crash notifications to Google and app developers.

You can revoke your consent at any time by:

• Deactivating the "Crash Reports" function in the App settings on iOS
• Adjusting the system settings on Android. To do this, open the App settings, select "Google" and in the three-dot menu in the top right, select "Usage & Diagnostics". Here you can deactivate the sending of the corresponding data.

For more information about privacy, please refer to Firebase Crashlytics' privacy policy at https://firebase.google.com/support/privacy

The duration of storage of personal data is determined based on the respective legal basis, the processing purpose and – if applicable – additionally based on the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, this data is stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the scope of legal obligations or similar obligations based on Art. 6(1)(b) GDPR, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for contract fulfillment or contract initiation and/or we have no legitimate interest in continued storage.

When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.