In the following, we inform you about the collection and processing of your personal data when using the Goalship App. Personal data is any information that can be identified as relating to you personally, e.g., name, address, email address, IP address or data on usage behavior.
The mobile app is available via distribution platforms operated by third parties, so-called app stores (Google Play Store and Apple iTunes). Downloading the app may require prior registration with the respective app store and installation of the app store software. We have no influence on the processing of personal data in connection with the registration and provision of downloads in the respective app store and the app store software. The responsible party for the app stores is solely the operator of the app stores. Please inform yourself directly with the operator of the app stores if required.
In the app, you have the option of dictating text by voice input in addition to input via keyboard. Voice input (Google) or dictation (Apple) is a functionality provided by the operating system of our app. When used, the speech is processed by a third party (e.g., Apple or Google) as the responsible party and the result is delivered to our app and output in the input field of the app. For details of the functionality and how you can switch the use on or off, please contact the respective operating system manufacturer.
Please note that this privacy policy is for informational purposes only. Only the German Datenschutzerklärung is legally binding.
1. Responsible party (Controller)
Responsible party for the processing of personal data within the mobile app pursuant to Art. 4 No. 7 EU-GDPR (European General Data Protection Regulation; in German “europäische Datenschutzgrundverordnung” or EU-DSGVO) is:
Lechvalley UG (limited liability)
Gannenbacherstr. 4
86956 Schongau
Germany
(hereinafter "we")
2. Data Protection Officer
You can reach our data protection officer at: contact@lechvalley.com
3. Processing and purpose of personal data
3.1 Processing of personal data when using our mobile app, which are necessary for the provision of the app, Art. 6 No. 1 lit. b) EU-GDPR If you want to use our mobile app, we process the following personal data that are technically necessary for us to offer you the functions of our mobile app and to be able to ensure stability and security, such as: Date and time of the request Time zone difference from Greenwich Mean Time (GMT) Content of the request Access status, http status code Data volume transferred in each case Operating system, incl. language and version The legal basis for the use of your data to provide the app is Art. 6 No. 1 sentence 1 lit. b) EU-GDPR (data processing for the performance of a contract). The provision and transmission of your data is necessary because the provision of the app is otherwise technically impossible.
3.2 Processing of personal data when using our mobile app based on consent, Art. 6 No. 1 lit. a) EU-GDPR. Furthermore, we process data that you have provided to us as part of the app, such as:
Content you create, such as posts or comments
Login data with mobile phone number
Software status of the device
Number of software updates
The legal basis for the processing of the data voluntarily provided by you in the app is Art. 6 No. 1 lit. a) EU-GDPR (consent of the person concerned). You can revoke your consent for the future at any time. To do so, please use the contact details above.
3.3 Processing of special categories of personal data when using our mobile app based on consent, Art. 9 (2) lit. a EU-GDPR. You can create and share content or goals in the app that fall into categories with special protections. This may include i.e. the following data:
Ethnic origin, Political opinions, Health data
The legal basis for the processing of the special categories of personal data voluntarily provided by you in the app is Art. 9 No. 2 a) EU-GDPR (consent of the data subject). Please take care to share this data extremely carefully. You can revoke your consent for the future at any time. To do so, please use the contact details above.
3.4 Permissions of the app In order to use all functions of the app on your device, the app must be able to access various functions and data of your mobile device. For this purpose, it is necessary that you grant certain authorizations in the sense of consent according to Art. 6 No. 1 lit. a) EU-GDPR.
3.4.1 Camera or photo gallery
The app requires access to the camera or photo gallery for certain functions, e.g., the chat function. You can deactivate access at any time in the settings of your device.
3.4.2 Push notifications
You can allow push notifications via the app. We need your consent for this. You can deactivate the function at any time in the settings of your device and in the app settings.
3.4.3 Contact details
You can allow the app to access your saved contacts so that you can add them as "Friends" to the app. You can disable the app's access to your contacts at any time in the app's settings.
3.5 Visibility of your data in the app
3.5.1 Users of the app can see the profile and profile picture of other users from their friends or contact list
3.5.2 All users who follow a private or public goal together can see all updates and chats for this goal
3.5.3 If users post a goal publicly, their profile can also be seen by all users and friend requests can be made
3.5.4 All user data can be viewed by the administrators of the app in a non-public admin panel. This is primarily for the purpose of reviewing user reports on alleged or actual violations of the app's terms of use (see terms and conditions) as well as a delete option for the corresponding goals, rewards or persons.
3.5.5 Users can delete all their data and profile from the app themselves. This is done using the "Delete account" function in the settings. If the app is only uninstalled from your end device, the user data is retained and is automatically called up again when the app is reinstalled.
4. Dissemination of data
We never disclose your personal data to third parties without authorization. However, we may disclose your data to third parties if you have consented to the disclosure of data, if the disclosure is necessary to comply with our legal obligations or if we are entitled or obliged to disclose data due to legal provisions or official or court orders. This may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights. We may also transfer your data to external service providers who process data on our behalf and according to our instructions (processors) in order to simplify or relieve our own data processing. Each processor is bound by a contract in accordance with Article 28 of the GDPR. This means that the processor must provide sufficient guarantees that suitable technical and organizational measures will be implemented by it in such a way that the processing is carried out in accordance with the requirements of the GDPR and the protection of your rights as a data subject is guaranteed. Despite the commissioning of processors, we remain the controller for the processing of your personal data within the meaning of the data protection laws.
5. Data transfer to non-EU country
All information that we receive from you or about you is generally processed on servers within the European Union. A transfer of your data to or a processing of your data in third countries takes place without your express consent only if this is provided for or permitted by law, an appropriate level of data protection is ensured in the third country or contractual obligations exist through so-called standard data protection clauses of the EU. Please note that the USA is a so-called unsafe third country. There is a risk when transferring personal data to the USA that US security authorities can access this data under the "Cloud Act". EU citizens do not have effective legal remedies in the US or the EU against these measures.
6. Services used
6.1 Google Firebase To ensure the functionality and reliability of our app, we use the Google Firebase tool. This is a service of Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. represents in the EU the company Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
By using the services, data is transmitted to Google EU and under certain circumstances from Google EU to Google US. The Google Group may process the transmitted data to create anonymous user profiles for statistical purposes. If you also have a Google account and are logged in to it, Google can assign the transmitted data to your account - even across devices. In principle, we have no influence on this data processing. Google EU is therefore responsible for this data processing.
To redirect users to any location and function within our app, we use the "Dynamic Links" function. With the help of this function, users can be redirected to the various contents of the app at any time. The device data required for this is only stored temporarily in order to provide the service. We also use the "Cloud Messaging" function to send users targeted and context-related messages within the app and to technically enable push notifications.
We have obligated Google to comply with the data protection regulations and have concluded an order processing contract for this purpose in accordance with Art. 28 EU-GDPR. The details of the standard contractual clauses concluded (guarantee of the level of data protection in third countries) can be found here: https://support.google.com/adspolicy/answer/10042247?hl=de.
For further information on data protection, please refer to Firebase's privacy policy at: https://firebase.google.com/support/privacy.
Insofar as we use the services of Google Firebase, this is done exclusively using the above-mentioned functionalities and for the explicitly stated purposes. The legal basis for this is Art. 6 No. 1 lit. f) EU-GDPR, as it is our legitimate interest to provide you with a functional app.
6.2 Google Analytics
The Goalship App uses the "Google Analytics" service of Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd. represents in the EU the company Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics is used to analyze the use of the app. The information about the use of this app is usually transferred to a Google server in the USA and stored there. IP anonymization has been activated in our app, so that your transmitted IP address is shortened and thus partially rendered unrecognizable, i.e., anonymized, before being transmitted out of the scope of the EU-GDPR. Only in exceptional cases will the full IP address first be transmitted to a Google server in the USA and shortened immediately there. On our behalf, Google will use the transmitted information to evaluate your use of our app, compile reports on app activity and provide other services related to app and internet usage for us. The IP address transmitted by you as part of Google Analytics will not be merged with other data from Google. You can find more information on the terms of use and data protection for Google Analytics at https://www.google.com/analytics/terms/de.html or at https://policies.google.com/technologies/partner-sites?hl=de.
The legal basis for the use of Google Analytics is Art. 6 No. 1 sentence 1 lit. a) EU-GDPR (consent of the person concerned). We ask you for your consent to the use of the service when you first open the app via a displayed message text. You can revoke your consent at any time with effect for the future by deleting your account.
7. Storage period
Unless otherwise specified in detail, we store data collected from you only if it is required for the respective purpose, unless there are legal obligations to retain data that prevent deletion, e.g., from commercial law or tax law. If you no longer wish us to use your data to provide the Services to you, you may delete your account. We will delete your data as a result, unless there are legal retention obligations that prevent deletion or retention is necessary to resolve disputes.
8. Your rights
You have the following rights in relation to us in respect of personal data relating to you: A right to information about, among other things, the categories of data processed, the processing purposes, the storage period and any recipients, in accordance with Art. 15 EU-GDPR and § 34 GFDPA (German Federal Data Protection Act; Bundesdatenschutzgesetz or BDSG). A right to correction or deletion of incorrect or incomplete data, in accordance with Art. 16 and 17 EU-GDPR and § 35 GFDPA. Under the conditions of Art. 18 EU-GDPR or § 35 No. 1 sentence 2 GFDPA a right to restriction of processing. A right to object to the processing pursuant to Art. 21 No. 1 EU-GDPR, insofar as the data processing was carried out based on a legitimate interest. A right to revoke a given consent with effect for the future pursuant to Art. 7 No. 3 EU-GDPR. A right to data portability in a common format in accordance with Art. 20 EU-GDPR. Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. This also includes profiling within the meaning of Art. 4 No. 4 EU-GDPR.
Supervisory Authority
You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company. The supervisory authority responsible for us is the:
Bavarian State Office for Data Protection Supervision
Promenade 27
91522 Ansbach
Phone: +49 (0) 981 180 093-0
Fax: +39 (0) 981 180 093 800
Email: poststelle@lda.bayern.de
