App Privacy Policy
App Privacy Policy
App Privacy Policy
App Privacy Policy
App Privacy Policy
App Privacy Policy
App Privacy Policy
App Privacy Policy
01
Information about the collection of personal data and contact details of the responsible party
We are pleased that you are using our application (hereinafter referred to as "App"). Below we inform you about the handling of your personal data when using our App. Personal data is all data that can be used to identify you personally.
The party responsible for data processing concerning this App in accordance with the General Data Protection Regulation (GDPR) is Yomoko UG (limited liability), Straße der Jugend 18, 14974 Ludwigsfelde, Germany, Phone: +49 (0)176 98 60 71 58, E-mail: office@yomoko.app. The party responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
02
Log files when using our mobile app
If you download our mobile app via an app store, the required information will be transmitted to the app store, specifically your username, email address, and customer number of your account, the time of download, payment information, and the individual device identifier. We have no influence over this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.
When using our mobile app, we collect the personal data described below to enable comfortable use of the function. If you would like to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request
Access status / HTTP status code
Amount of data sent in bytes
Source/referral from which you accessed the page
Browser used
Language and version of the browser software
Operating system used and its interface
IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our app. There will be no transfer or other use of the data. However, we reserve the right to subsequently review the aforementioned log files should there be concrete indications of unlawful use.
Furthermore, we require your unique device number (IMEI = International Mobile Equipment Identity), unique subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), possibly the MAC address for Wi-Fi usage, and the name of your mobile device.
03
Hosting & Content Delivery Network
Firebase Cloud Storage
We use the web hosting service "Firebase Cloud Storage" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for hosting and displaying the app content based on processing on our behalf. All data collected on our website is processed on Google’s servers. As part of the aforementioned services, data may also be transferred as part of further processing on behalf to servers of Google LLC in the USA. We have concluded a data processing agreement with Google for the use of Firebase, which obligates Google to protect the data of our site visitors and not to share it with third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission. Further information on Google’s data protection regarding Firebase can be found at the following website: https://firebase.google.com/support/privacy Further processing on servers other than the aforementioned ones from Google only takes place within the framework communicated below.
04
Cookies
To make our app attractive and enable the use of certain features, we use so-called cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after closing the app (so-called session cookies). Other cookies remain on your device and allow us to recognize you (so-called persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to a limited extent. Persistent cookies are automatically deleted after a predetermined period, which may vary depending on the cookie.
Some cookies are used to simplify the operation of the app by saving settings. If any cookies we use also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the app as well as a customer-friendly and effective design of app usage.
You can configure the settings of your mobile operating system and the app according to your wishes, for example by refusing the acceptance of third-party cookies or all cookies. However, we would like to point out that in this case, you may not be able to use all the functions of our mobile app.
05
Using your address book, calendar, photos, and reminders
At the beginning of using our mobile app, we ask you for permission to access your address book and/or calendar and/or photos and/or reminders in a pop-up. If you do not give consent, we will not use this data. In this case, you may not be able to use all features of our app. You can grant or revoke consent later in the settings of your operating system.
If you allow access to this data, the mobile app will only access your data and transfer it to our server as far as necessary for providing functionality. Your data will be treated confidentially by us and deleted when you revoke the right to use or when it is no longer necessary for providing the service and no legal retention obligations exist. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
06
Collection of location data
With your consent, our offering includes so-called Location-Based Services, which allow us to provide you with special offers tailored to your specific location. You can only use this function after you have agreed via a pop-up that we can collect your location data through GPS and your IP address in anonymized form for the purposes of service delivery. You can grant or revoke this function at any time in the settings of the app or your mobile operating system. Your location will only be transmitted to us if you utilize features of the app that we can only offer with knowledge of your location.
07
Contact
In the context of contacting us (e.g., via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen in the respective contact form in the app. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after your request has been conclusively processed. This is the case when it can be inferred from the circumstances that the relevant facts have been definitively clarified and provided that there are no statutory retention obligations to the contrary.
08
Data processing when opening a customer account
According to Art. 6 para. 1 lit. b of the GDPR, personal data will continue to be collected and processed when you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the aforementioned address of the responsible party. We store and use the data you provide to us for contract processing. After the complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, which we will inform you about below.
09
Registration in the app
You can register in our app by providing personal data. The personal data processed for registration results from the input mask used for registration. We use the so-called double opt-in procedure for registration, i.e., your registration is only completed once you have confirmed your registration by clicking on the link contained in the confirmation email sent to you for this purpose. If your confirmation in this regard does not occur within 24 hours, your registration will be automatically deleted from our database. Providing the aforementioned data is mandatory. You can voluntarily provide any additional information by using our portal.
When you use our app, we store the data necessary for the fulfillment of the contract, also possibly payment method details, until you permanently delete your access. Furthermore, we store the data you voluntarily provided for the duration of your use of the portal, as long as you do not delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Article 6 (1) lit. f GDPR.
Furthermore, we store all content you publish (e.g. public posts, wall entries, guestbook entries, etc.) in order to operate the app. We have a legitimate interest in providing the app with complete user-generated content. The legal basis for this is Article 6 (1) lit. f GDPR. If you delete your account, your comments, especially those published in the forum, will still be visible to all readers, but your account will no longer be retrievable. All other data will be deleted in this case.
10
Use of your data for direct marketing
Registration for our Email Newsletter
If you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For the dispatch of the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter after you have explicitly confirmed that you agree to receive the newsletter. We will then send you a confirmation email, asking you to confirm by clicking on a corresponding link that you want to receive the newsletter in the future.
By activating the confirmation link, you grant us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When signing up for the newsletter, we store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration in order to trace any potential misuse of your email address at a later time. The data we collect during the newsletter registration will only be used for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending an appropriate message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be deleted immediately from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve further data usage that is permitted by law and about which we inform you in this statement.
11
Shipping of push notifications
You can subscribe to receive our push notifications. You will regularly receive information about our offered services via our push notifications.
To subscribe, you must confirm the receipt of notifications or allow it in the settings of your operating system. This process is documented and stored. This includes the storage of the registration time as well as your device identification. The collection of this data is necessary so that we can display the push notifications and also to be able to trace the processes in case of abuse; thus, it serves our legal protection. The processing of this data is based on Art. 6 para. 1 lit. a GDPR.
You can revoke your consent to the storage and use of your personal data for receiving our push notifications and the previously described statistical collection at any time with effect for the future. For the purpose of revoking consent, you can unsubscribe from the setting for receiving push notifications in your app settings in your operating system.
Your data will be deleted as soon as it is no longer necessary for the purpose of its collection. Your data will therefore be stored as long as the subscription to our push notifications is active.
12
Online marketing
“Advertising Identifier”
For advertising purposes, we use the so-called “Advertising Identifier” (IDFA). This is a unique, but non-personalized and non-permanent identification number for a specific device, provided by iOS. The data collected via the IDFA are not linked to any other device-related information. We use the IDFA to provide you with personalized advertising and to evaluate your usage. If you enable the option “Limit Ad Tracking” in the iOS settings under “Privacy” – “Advertising,” we can only take the following measures: measuring your interaction with banners by counting the number of times a banner is shown without clicking on it (“frequency capping”), click-through rate, determining unique usage (“unique user”), as well as security measures, fraud prevention, and error corrections. You can delete the IDFA at any time in your device settings (“Reset Advertising ID”), which will create a new IDFA that will not be linked with the previously collected data. We point out that you may not be able to use all functions of our app if you restrict the use of the IDFA.
13
Implemented technologies
Usercentrics Consent Management Platform
Description of the Service
This is a consent management service. In this app, Usercentrics GmbH is used as a processor for the purpose of consent management.
Legal Basis
Art. 6 para. 1 sentence 1 lit. c GDPR
Purposes of Data Processing
Compliance with legal obligations
Storage of consent
Collected Data
Opt-in and opt-out data
Referrer URL
User Agent
User settings
Consent ID
Time of consent
Type of consent
Template version
Banner language
IP address
Geographic location
Data Recipients
Usercentrics GmbH
Used Technologies
Local Storage
Pixel
Transfer to Third Countries
–
Retention Period
The consent data (consent granted and withdrawal of consent) will be stored for one year. The data will then be deleted immediately.
Processing Company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany
Place of Processing
European Union
Data Protection Officer of the Processing Company
Data Protection Regulations of the Data Processor
https://usercentrics.com/privacy-policy/
Firebase Authentication
Description of the Service
This service is used to authenticate users in an app.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Authentication
Collected Data
Password
Email address
Phone number
User Agent
IP address
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Cookies
Transfer to Third Countries
Worldwide
Retention Period
The Firebase authentication stores logged IP addresses for several weeks. It stores other authentication information until the Firebase customer requests the deletion of the associated user, after which the data will be removed within 180 days from live and backup systems.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
https://firebase.google.com/terms/data-processing-terms
Cookie Policy of the Data Processor
https://firebase.google.com/support/troubleshooter/contact
Firebase Firestore
Description of the Service
This is a flexible, scalable database for mobile, web, and server development by Firebase and Google Cloud. It is used to synchronize the user’s data across client apps through real-time listeners and offers offline support for mobile devices and the internet, allowing you to create responsive apps that work independently of network latency or internet connection.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Web hosting
Collected Data
IP address
User Agent
Usage data
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Web SDK
Transfer to Third Countries
United States of America, Singapore, Chile, Taiwan
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
https://firebase.google.com/terms/data-processing-terms
Firebase Cloud Functions
Description of the Service
This is a serverless framework that allows the user to automatically execute back-end code in response to events triggered by Firebase functions and HTTPS requests.
Legal Basis
Art. 17 para. 1 lit. a GDPR
Purposes of Data Processing
Functionality
Collected Data
IP address
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Cookies
Transfer to Third Countries
Chile, Singapore, Taiwan, United States of America
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://firebase.google.com/support/troubleshooter/contact
Data Protection Regulations of the Data Processor
https://firebase.google.com/terms/data-processing-terms
Firebase Cloud Storage
Description of the Service
This is a cloud storage platform for app developers that need to store and serve user-generated content such as photos or videos.
Legal Basis
Art. 49 para. 1 sentence 1 lit. a GDPR
Purposes of Data Processing
Cloud storage
Provision of services
Collected Data
Accessed content
Accessed applications
Internet provider
Access status
Access method
Time of access or retrieval
Data Recipients
Alphabet Inc., Google LLC, Google Ireland Limited
Transfer to Third Countries
Chile, Singapore, Taiwan, United States of America
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Regulations of the Data Processor
https://policies.google.com/privacy?hl=de
Cookie Policy of the Data Processor
https://policies.google.com/technologies/cookies?hl=de
Firebase Cloud Messaging (FCM)
Description of the Service
This is a cross-platform messaging solution that allows you to send messages reliably and for free.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Provision of targeted messages and communications
Targeting
Analysis
Collected Data
Message exchange
Message text
Installation ID
Data Recipients
Alphabet Inc., Google LLC, Google Ireland Limited
Used Technologies
JavaScript
Cookies
Transfer to Third Countries
Chile, Singapore, Taiwan, United States of America
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Regulations of the Data Processor
https://policies.google.com/privacy?hl=de
Cookie Policy of the Data Processor
https://policies.google.com/technologies/cookies?hl=de
Google Maps
Description of the Service
This is an integrated map service.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Show maps
Collected Data
Date and time of the visit
Location information
IP address
URL
Usage data
Search terms
Geographic location
Data Recipients
Google Ireland Limited, Google LLC, Alphabet Inc
Used Technologies
API
Transfer to Third Countries
United States of America, Singapore, Taiwan, Chile
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google LLC
1600 Amphitheatre Parkway Mountain View, CA 94043, United States of America
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
http://www.google.com/intl/de/policies/privacy/
Cookie Policy of the Data Processor
https://policies.google.com/technologies/cookies?hl=de
Firebase Crashlytics
Description of the Service
This is Google's Software Development Kit (SDK) that provides a crash reporting service, allowing you to track, prioritize, and fix stability issues of the app.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Optimization
Error reporting
Error tracking
Collected Data
Error data
Unique ID
Crash data
IP address
Data Recipients
Alphabet Inc., Google LLC.
Used Technologies
Mobile SDK
Transfer to Third Countries
United States of America, Taiwan, Singapore, Chile
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Regulations of the Data Processor
https://firebase.google.com/support/privacy
Cookie Policy of the Data Processor
https://firebase.google.com/terms/crashlytics
Google Analytics for Firebase
Description of the Service
This is an analytics tool.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Analysis
Advertising
Collected Data
Identifiers
Usage data
Session duration
IP address
Geographic location
Device operating system
Device information
Time of the user's first visit
App updates
Application requests
Content viewed
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Cookies
Transfer to Third Countries
Taiwan, Singapore, Chile, United States of America
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
https://policies.google.com/privacy?hl=de
Google Web Fonts
This app uses web fonts from the following provider to ensure consistent font rendering: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
When using this app, the required web fonts are loaded to display text and fonts correctly and establishes a direct connection to the provider's servers. In doing so, certain browser information, including your IP address, is transmitted to the provider.
Data may also be transmitted to: Google LLC, USA
The processing of personal data in connection with establishing contact with the font provider will only take place if you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service through the "Cookie Consent Tool" provided in the app. If your browser does not support web fonts, a standard font from your computer will be used.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
14
Rights of the data subject
14.1
The applicable data protection law grants you comprehensive rights as a data subject towards the controller regarding the processing of your personal data (rights to access and intervention), which we inform you about below:
Right to access according to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been disclosed or will be disclosed, the planned storage duration or the criteria for determining the storage duration, the existence of a right to rectification, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected by us from you, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the significance and anticipated consequences for you of such processing, as well as your right to be informed about what guarantees exist under Art. 46 GDPR when your data is transferred to third countries;
Right to rectification according to Art. 16 GDPR: You have the right to obtain without delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;
Right to deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data provided that the requirements of Art. 17 (1) GDPR are met. However, this right does not apply, in particular, when the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
Right to restriction of processing according to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the accuracy of your data contested by you is verified, if you refuse the deletion of your data due to unlawful processing and instead request the restriction of processing of your data, if you require your data for the establishment, exercise, or defense of legal claims, after we no longer need this data for the purposes of processing, or if you have lodged an objection for reasons relating to your particular situation, as long as it is still not clear whether our legitimate grounds override yours;
Right to notification according to Art. 19 GDPR: If you have asserted the right to rectification, deletion, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed, of such rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller, as far as this is technically feasible;
Right to withdraw granted consents according to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the affected data without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
Right to lodge a complaint according to Art. 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace or the place of the alleged infringement.
14.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREVAILING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
15
Duration of storage of personal data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – additionally by the respective legal retention period (e.g., commercial and tax retention periods).
In the case of processing personal data based on an explicit consent according to Art. 6 para. 1 lit. a GDPR, the affected data will be stored as long as you do not revoke your consent.
If there are legal retention periods for data that are processed in the context of contractual or contractual-like obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, unless they are no longer required for the fulfillment of the contract or the initiation of a contract and/or we have no legitimate interest in continuing to store them.
In the case of processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored as long as you exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
In the case of processing personal data for the purposes of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object according to Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or processed in other ways.
01
Information about the collection of personal data and contact details of the responsible party
We are pleased that you are using our application (hereinafter referred to as "App"). Below we inform you about the handling of your personal data when using our App. Personal data is all data that can be used to identify you personally.
The party responsible for data processing concerning this App in accordance with the General Data Protection Regulation (GDPR) is Yomoko UG (limited liability), Straße der Jugend 18, 14974 Ludwigsfelde, Germany, Phone: +49 (0)176 98 60 71 58, E-mail: office@yomoko.app. The party responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
02
Log files when using our mobile app
If you download our mobile app via an app store, the required information will be transmitted to the app store, specifically your username, email address, and customer number of your account, the time of download, payment information, and the individual device identifier. We have no influence over this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.
When using our mobile app, we collect the personal data described below to enable comfortable use of the function. If you would like to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request
Access status / HTTP status code
Amount of data sent in bytes
Source/referral from which you accessed the page
Browser used
Language and version of the browser software
Operating system used and its interface
IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our app. There will be no transfer or other use of the data. However, we reserve the right to subsequently review the aforementioned log files should there be concrete indications of unlawful use.
Furthermore, we require your unique device number (IMEI = International Mobile Equipment Identity), unique subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), possibly the MAC address for Wi-Fi usage, and the name of your mobile device.
03
Hosting & Content Delivery Network
Firebase Cloud Storage
We use the web hosting service "Firebase Cloud Storage" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for hosting and displaying the app content based on processing on our behalf. All data collected on our website is processed on Google’s servers. As part of the aforementioned services, data may also be transferred as part of further processing on behalf to servers of Google LLC in the USA. We have concluded a data processing agreement with Google for the use of Firebase, which obligates Google to protect the data of our site visitors and not to share it with third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission. Further information on Google’s data protection regarding Firebase can be found at the following website: https://firebase.google.com/support/privacy Further processing on servers other than the aforementioned ones from Google only takes place within the framework communicated below.
04
Cookies
To make our app attractive and enable the use of certain features, we use so-called cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after closing the app (so-called session cookies). Other cookies remain on your device and allow us to recognize you (so-called persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to a limited extent. Persistent cookies are automatically deleted after a predetermined period, which may vary depending on the cookie.
Some cookies are used to simplify the operation of the app by saving settings. If any cookies we use also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the app as well as a customer-friendly and effective design of app usage.
You can configure the settings of your mobile operating system and the app according to your wishes, for example by refusing the acceptance of third-party cookies or all cookies. However, we would like to point out that in this case, you may not be able to use all the functions of our mobile app.
05
Using your address book, calendar, photos, and reminders
At the beginning of using our mobile app, we ask you for permission to access your address book and/or calendar and/or photos and/or reminders in a pop-up. If you do not give consent, we will not use this data. In this case, you may not be able to use all features of our app. You can grant or revoke consent later in the settings of your operating system.
If you allow access to this data, the mobile app will only access your data and transfer it to our server as far as necessary for providing functionality. Your data will be treated confidentially by us and deleted when you revoke the right to use or when it is no longer necessary for providing the service and no legal retention obligations exist. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
06
Collection of location data
With your consent, our offering includes so-called Location-Based Services, which allow us to provide you with special offers tailored to your specific location. You can only use this function after you have agreed via a pop-up that we can collect your location data through GPS and your IP address in anonymized form for the purposes of service delivery. You can grant or revoke this function at any time in the settings of the app or your mobile operating system. Your location will only be transmitted to us if you utilize features of the app that we can only offer with knowledge of your location.
07
Contact
In the context of contacting us (e.g., via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen in the respective contact form in the app. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after your request has been conclusively processed. This is the case when it can be inferred from the circumstances that the relevant facts have been definitively clarified and provided that there are no statutory retention obligations to the contrary.
08
Data processing when opening a customer account
According to Art. 6 para. 1 lit. b of the GDPR, personal data will continue to be collected and processed when you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the aforementioned address of the responsible party. We store and use the data you provide to us for contract processing. After the complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, which we will inform you about below.
09
Registration in the app
You can register in our app by providing personal data. The personal data processed for registration results from the input mask used for registration. We use the so-called double opt-in procedure for registration, i.e., your registration is only completed once you have confirmed your registration by clicking on the link contained in the confirmation email sent to you for this purpose. If your confirmation in this regard does not occur within 24 hours, your registration will be automatically deleted from our database. Providing the aforementioned data is mandatory. You can voluntarily provide any additional information by using our portal.
When you use our app, we store the data necessary for the fulfillment of the contract, also possibly payment method details, until you permanently delete your access. Furthermore, we store the data you voluntarily provided for the duration of your use of the portal, as long as you do not delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Article 6 (1) lit. f GDPR.
Furthermore, we store all content you publish (e.g. public posts, wall entries, guestbook entries, etc.) in order to operate the app. We have a legitimate interest in providing the app with complete user-generated content. The legal basis for this is Article 6 (1) lit. f GDPR. If you delete your account, your comments, especially those published in the forum, will still be visible to all readers, but your account will no longer be retrievable. All other data will be deleted in this case.
10
Use of your data for direct marketing
Registration for our Email Newsletter
If you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For the dispatch of the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter after you have explicitly confirmed that you agree to receive the newsletter. We will then send you a confirmation email, asking you to confirm by clicking on a corresponding link that you want to receive the newsletter in the future.
By activating the confirmation link, you grant us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When signing up for the newsletter, we store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration in order to trace any potential misuse of your email address at a later time. The data we collect during the newsletter registration will only be used for advertising purposes via the newsletter. You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending an appropriate message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be deleted immediately from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve further data usage that is permitted by law and about which we inform you in this statement.
11
Shipping of push notifications
You can subscribe to receive our push notifications. You will regularly receive information about our offered services via our push notifications.
To subscribe, you must confirm the receipt of notifications or allow it in the settings of your operating system. This process is documented and stored. This includes the storage of the registration time as well as your device identification. The collection of this data is necessary so that we can display the push notifications and also to be able to trace the processes in case of abuse; thus, it serves our legal protection. The processing of this data is based on Art. 6 para. 1 lit. a GDPR.
You can revoke your consent to the storage and use of your personal data for receiving our push notifications and the previously described statistical collection at any time with effect for the future. For the purpose of revoking consent, you can unsubscribe from the setting for receiving push notifications in your app settings in your operating system.
Your data will be deleted as soon as it is no longer necessary for the purpose of its collection. Your data will therefore be stored as long as the subscription to our push notifications is active.
12
Online marketing
“Advertising Identifier”
For advertising purposes, we use the so-called “Advertising Identifier” (IDFA). This is a unique, but non-personalized and non-permanent identification number for a specific device, provided by iOS. The data collected via the IDFA are not linked to any other device-related information. We use the IDFA to provide you with personalized advertising and to evaluate your usage. If you enable the option “Limit Ad Tracking” in the iOS settings under “Privacy” – “Advertising,” we can only take the following measures: measuring your interaction with banners by counting the number of times a banner is shown without clicking on it (“frequency capping”), click-through rate, determining unique usage (“unique user”), as well as security measures, fraud prevention, and error corrections. You can delete the IDFA at any time in your device settings (“Reset Advertising ID”), which will create a new IDFA that will not be linked with the previously collected data. We point out that you may not be able to use all functions of our app if you restrict the use of the IDFA.
13
Implemented technologies
Usercentrics Consent Management Platform
Description of the Service
This is a consent management service. In this app, Usercentrics GmbH is used as a processor for the purpose of consent management.
Legal Basis
Art. 6 para. 1 sentence 1 lit. c GDPR
Purposes of Data Processing
Compliance with legal obligations
Storage of consent
Collected Data
Opt-in and opt-out data
Referrer URL
User Agent
User settings
Consent ID
Time of consent
Type of consent
Template version
Banner language
IP address
Geographic location
Data Recipients
Usercentrics GmbH
Used Technologies
Local Storage
Pixel
Transfer to Third Countries
–
Retention Period
The consent data (consent granted and withdrawal of consent) will be stored for one year. The data will then be deleted immediately.
Processing Company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany
Place of Processing
European Union
Data Protection Officer of the Processing Company
Data Protection Regulations of the Data Processor
https://usercentrics.com/privacy-policy/
Firebase Authentication
Description of the Service
This service is used to authenticate users in an app.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Authentication
Collected Data
Password
Email address
Phone number
User Agent
IP address
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Cookies
Transfer to Third Countries
Worldwide
Retention Period
The Firebase authentication stores logged IP addresses for several weeks. It stores other authentication information until the Firebase customer requests the deletion of the associated user, after which the data will be removed within 180 days from live and backup systems.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
https://firebase.google.com/terms/data-processing-terms
Cookie Policy of the Data Processor
https://firebase.google.com/support/troubleshooter/contact
Firebase Firestore
Description of the Service
This is a flexible, scalable database for mobile, web, and server development by Firebase and Google Cloud. It is used to synchronize the user’s data across client apps through real-time listeners and offers offline support for mobile devices and the internet, allowing you to create responsive apps that work independently of network latency or internet connection.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Web hosting
Collected Data
IP address
User Agent
Usage data
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Web SDK
Transfer to Third Countries
United States of America, Singapore, Chile, Taiwan
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
https://firebase.google.com/terms/data-processing-terms
Firebase Cloud Functions
Description of the Service
This is a serverless framework that allows the user to automatically execute back-end code in response to events triggered by Firebase functions and HTTPS requests.
Legal Basis
Art. 17 para. 1 lit. a GDPR
Purposes of Data Processing
Functionality
Collected Data
IP address
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Cookies
Transfer to Third Countries
Chile, Singapore, Taiwan, United States of America
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://firebase.google.com/support/troubleshooter/contact
Data Protection Regulations of the Data Processor
https://firebase.google.com/terms/data-processing-terms
Firebase Cloud Storage
Description of the Service
This is a cloud storage platform for app developers that need to store and serve user-generated content such as photos or videos.
Legal Basis
Art. 49 para. 1 sentence 1 lit. a GDPR
Purposes of Data Processing
Cloud storage
Provision of services
Collected Data
Accessed content
Accessed applications
Internet provider
Access status
Access method
Time of access or retrieval
Data Recipients
Alphabet Inc., Google LLC, Google Ireland Limited
Transfer to Third Countries
Chile, Singapore, Taiwan, United States of America
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Regulations of the Data Processor
https://policies.google.com/privacy?hl=de
Cookie Policy of the Data Processor
https://policies.google.com/technologies/cookies?hl=de
Firebase Cloud Messaging (FCM)
Description of the Service
This is a cross-platform messaging solution that allows you to send messages reliably and for free.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Provision of targeted messages and communications
Targeting
Analysis
Collected Data
Message exchange
Message text
Installation ID
Data Recipients
Alphabet Inc., Google LLC, Google Ireland Limited
Used Technologies
JavaScript
Cookies
Transfer to Third Countries
Chile, Singapore, Taiwan, United States of America
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Regulations of the Data Processor
https://policies.google.com/privacy?hl=de
Cookie Policy of the Data Processor
https://policies.google.com/technologies/cookies?hl=de
Google Maps
Description of the Service
This is an integrated map service.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Show maps
Collected Data
Date and time of the visit
Location information
IP address
URL
Usage data
Search terms
Geographic location
Data Recipients
Google Ireland Limited, Google LLC, Alphabet Inc
Used Technologies
API
Transfer to Third Countries
United States of America, Singapore, Taiwan, Chile
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google LLC
1600 Amphitheatre Parkway Mountain View, CA 94043, United States of America
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
http://www.google.com/intl/de/policies/privacy/
Cookie Policy of the Data Processor
https://policies.google.com/technologies/cookies?hl=de
Firebase Crashlytics
Description of the Service
This is Google's Software Development Kit (SDK) that provides a crash reporting service, allowing you to track, prioritize, and fix stability issues of the app.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Optimization
Error reporting
Error tracking
Collected Data
Error data
Unique ID
Crash data
IP address
Data Recipients
Alphabet Inc., Google LLC.
Used Technologies
Mobile SDK
Transfer to Third Countries
United States of America, Taiwan, Singapore, Chile
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Regulations of the Data Processor
https://firebase.google.com/support/privacy
Cookie Policy of the Data Processor
https://firebase.google.com/terms/crashlytics
Google Analytics for Firebase
Description of the Service
This is an analytics tool.
Legal Basis
Art. 6 para. 1 sentence 1 lit. f GDPR
Purposes of Data Processing
Analysis
Advertising
Collected Data
Identifiers
Usage data
Session duration
IP address
Geographic location
Device operating system
Device information
Time of the user's first visit
App updates
Application requests
Content viewed
Data Recipients
Google LLC, Google Ireland Limited, Alphabet Inc
Used Technologies
Cookies
Transfer to Third Countries
Taiwan, Singapore, Chile, United States of America
Retention Period
Data will be deleted as soon as they are no longer needed for processing purposes.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Place of Processing
European Union
Data Protection Officer of the Processing Company
https://support.google.com/policies/contact/general_privacy_form
Data Protection Regulations of the Data Processor
https://policies.google.com/privacy?hl=de
Google Web Fonts
This app uses web fonts from the following provider to ensure consistent font rendering: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
When using this app, the required web fonts are loaded to display text and fonts correctly and establishes a direct connection to the provider's servers. In doing so, certain browser information, including your IP address, is transmitted to the provider.
Data may also be transmitted to: Google LLC, USA
The processing of personal data in connection with establishing contact with the font provider will only take place if you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service through the "Cookie Consent Tool" provided in the app. If your browser does not support web fonts, a standard font from your computer will be used.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
14
Rights of the data subject
14.1
The applicable data protection law grants you comprehensive rights as a data subject towards the controller regarding the processing of your personal data (rights to access and intervention), which we inform you about below:
Right to access according to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been disclosed or will be disclosed, the planned storage duration or the criteria for determining the storage duration, the existence of a right to rectification, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected by us from you, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the significance and anticipated consequences for you of such processing, as well as your right to be informed about what guarantees exist under Art. 46 GDPR when your data is transferred to third countries;
Right to rectification according to Art. 16 GDPR: You have the right to obtain without delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;
Right to deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data provided that the requirements of Art. 17 (1) GDPR are met. However, this right does not apply, in particular, when the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
Right to restriction of processing according to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the accuracy of your data contested by you is verified, if you refuse the deletion of your data due to unlawful processing and instead request the restriction of processing of your data, if you require your data for the establishment, exercise, or defense of legal claims, after we no longer need this data for the purposes of processing, or if you have lodged an objection for reasons relating to your particular situation, as long as it is still not clear whether our legitimate grounds override yours;
Right to notification according to Art. 19 GDPR: If you have asserted the right to rectification, deletion, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed, of such rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller, as far as this is technically feasible;
Right to withdraw granted consents according to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the affected data without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
Right to lodge a complaint according to Art. 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace or the place of the alleged infringement.
14.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREVAILING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
15
Duration of storage of personal data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – additionally by the respective legal retention period (e.g., commercial and tax retention periods).
In the case of processing personal data based on an explicit consent according to Art. 6 para. 1 lit. a GDPR, the affected data will be stored as long as you do not revoke your consent.
If there are legal retention periods for data that are processed in the context of contractual or contractual-like obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, unless they are no longer required for the fulfillment of the contract or the initiation of a contract and/or we have no legitimate interest in continuing to store them.
In the case of processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored as long as you exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
In the case of processing personal data for the purposes of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object according to Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or processed in other ways.
