PRIVACY POLICY APP – BORN IN FLACHT

BORN

FLACHT

Privacy Information BORN IN FLACHT App

Addition to BORN IN FLACHT´s data protection information (see https://born-in-flacht.com/privacy-policy/) on the use of the app.

Contents

Foreword and Selected Terms
Responsible Party
Overview
Legal basis for processing Personal Data
Your rights under the General Data Protection Regulation
External Hosting
Data Collection as part of Using the App
Use of the App
Access Authorizations in the Device
Email Communication and Telephone Contact
Direct Marketing and Postal Advertising
Deployed Third Party Tools
Further Data Protection Information

1. Foreword and Selected Terms

On the one hand, this data protection declaration informs visitors and users of our app about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations, which do not primarily take place online.

GDPR stands for the European General Data Protection Regulation.
BDSG is an abbreviation for the Federal Data Protection Act in its current version.
Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
The data subject within the meaning of data protection law is any natural person whose personal data is processed.

Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Article 4 of the GDPR (definitions).

2. Responsible Party

The responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Schloss Schnait GmbH
Silcherstr. 10
D-71384 Weinstadt
Tel.: +49 (0)7151 20524-0
E-Mail: mail@schloss-schnait.com

3. Overview

The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.

Security in our app

Our app communicates via an encrypted connection. As a precaution, we would like to point out that 100% security in electronic data processing is not possible and there is always a residual risk.

Data that you transmit to us

On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.

Automatic server log files

Our server automatically records all accesses and therefore also IP addresses (log files); this serves to ward off attacks, analyze access numbers and ensure smooth operation.

Direct marketing and postal advertising

We reserve the right to send our members newsletters based on Section 7 Paragraph 3 UWG and Art. 6 Paragraph 1 Letter f GDPR. We further process your personal data for the purposes of postal advertising for our own services or the services of our partner companies on the basis of Art. 6 Para. 1 lit. f GDPR. Of course, you can exercise your right to object at any time. To do this, please contact the responsible body mentioned above or contact@born-in-flacht.com

Other data recipients

a) Use of processors

We use processors in accordance with the requirements of Art. 28 GDPR, for example in the areas of IT services, web hosting, email hosting or printing services. They process personal data for us according to our instructions.

b) Use of non-specialist services

If necessary (for example to execute the contract), we pass on your data to, for example, banks, other payment service providers, shipping service providers, our tax advisor or lawyer.

c) Legal obligations

We are subject to legal obligations, such as commercial laws or tax law, in this context we must pass on certain data, for example, to tax authorities.

d) Investigation of crimes

If it is necessary to investigate a crime, we pass on data to the law enforcement authorities.

General information on deletion periods of personal data

We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract; we are also obliged to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country

We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Article 28 of the GDPR, taking appropriate guarantees into account. In individual cases we may use plugins or tools that are hosted in third countries, but we use these on the basis of our legitimate interests. In these cases, we will point out the circumstance if necessary.

Legal or contractual obligation to provide personal data

This website can generally be visited without providing personal data. For purchases in our online shop, it is necessary to provide personal data in order to conclude a purchase contract.

4. Legal basis for processing Personal Data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal basis on which we process personal data is described in the individual processing operations in this data protection declaration.

Consent given (Art. 6 Para. 1 lit. a GDPR)

Consent is one of these legal bases and requires that the person giving consent gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit a GDPR can generally be revoked at any time without giving reasons.

Contract-related data processing (Art. 6 Para. 1 lit. b GDPR)

The processing of personal data to initiate or implement contracts is also a legal basis and is defined in Art. 6 Para. 1 lit. b GDPR.

Legal obligation (Art. 6 Para. 1 lit. c GDPR)

The exception to data processing based on a legal obligation can be found in Art. 6 Para. 1 lit. c GDPR, for example we are obliged to comply with certain retention periods according to commercial law and tax law.

Legitimate interests (Art. 6 Para. 1 lit. f GDPR)

The processing of personal data on the basis of a balancing of interests in accordance with Art. 6 Para. 1 lit. f GDPR allows processing after careful weighing of financial or legal interests against the legitimate interests of the data subject .

5. Your rights under the General Data Protection Regulation

Every natural person is entitled to certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can demand from us:

Right to revoke your consent in accordance with Art. 7 GDPR

You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions possible according to Section 34 BDSG)

You have the right at any time to request information about the data you process and the purposes of the processing.

Right to rectification according to Art. 16 GDPR

If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions possible according to § 35 BDSG)

You have the right at any time to request the deletion of your personal data that we process about you. If complete deletion is not possible, for example because we have to fulfill legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
If you have lodged an objection in accordance with Article 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Right to data portability according to Art. 20 GDPR

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR

If the data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with In accordance with Section 19 BDSG

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

6. External Hosting

The app and its dynamic content are hosted externally. The personal data collected in this app is stored on the server(s) of the host(s). This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR).

Our hosts will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We have commissioned the following provider:

Technical hosting of the app:

Fabrik19 AG

Bahnhofstr. 82-86

D-35390 Giessen

Hosting website and databases:

Klickpark GmbH & Co. KG

Bahnhofstrasse 27

D-68526 Ladenburg

Data Processing Agreement

We have concluded data processing contract (DPA) with our hosting service providers. Personal data will only be processed according to our instructions and in compliance with the GDPR.

7. Data Collection as part of Using the App

When you access our app via your device, we process the following data:

Date and time of access
Duration of use
Type of mobile device / device version
Operating system used
App version used
Features you use
System crashes and similar events
User authentication token
IP address

Our interest is to enable the use of our app and to ensure its long-term technical functionality. When you access our app, this data is processed automatically. Without this provision of data, you cannot use our services. We do not use this data for the purpose of drawing conclusions about you or your identity.

We also use this data to optimize app performance, ensure the availability of our app and improve the user experience.

We process your data based on our legitimate interest. We process this data on the basis of Article 6 Para. 1 lit. f GDPR to provide the service, to ensure technical operation and for the purpose of identifying and eliminating disruptions. Furthermore, our legitimate interest lies in ensuring the performance and availability of our offer.

8. Use of the App

Log in with Username and Password

To receive access data, you must have successfully completed the registration process on our website www.born-in-flacht.com . You will receive the access data directly from us, which you can use to log into your user account. For security reasons, all login processes are recorded to prevent misuse and cyberattacks. This is done in the legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.

Adding Information to the User Profile

You can add various data to your user profile, such as a profile picture or a background image.

Please note that not all information is required to use the app and you alone decide whether you want to share this data with us. You also have the option to change the data at any time. If you do not provide this data, we may not be able to best fulfill your wishes when using our offerings. The provision of optional information is voluntary and implied based on your consent (Art. 6 Para. 1lit. a GDPR).

Use of the individual Functions

The functions within the app as well as the personal data processed, purposes and legal bases are described below.

Using the notifications function (push notifications)

You can let us inform you about new content and friend requests via push notifications. You will receive push notifications based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke receiving push notifications at any time using a button in the app. If the button does not work temporarily, you can also switch off notifications in the app permissions settings of your device. You can find information about this in the operating instructions for your device.

Community features

Information from your personal profile and activities is a good basis so that like-minded people from all over the world can network with you. After successful registration, your profile is available to other verified users for interaction. We process data as part of the community functions on the basis of Article 6 Paral 1 lit. a, b and f GDPR in order to make your profile in our app available to other users for networking and to provide you with the desired services in this context and to carry out the associated contractual relationship with you.

Profile page

The following data is displayed on the profile page if it has been entered in the profile:

Profile picture
Background image
First name
Last name
City
Country
Slogan
Vehicle(s)

Blog

We offer you the possibility to publish posts. As soon as you write a post as a verified user, the following data will be displayed in the blog area:

Profile picture
First name
Last name

Posting of events

The publication of events is done in coordination with the administrator by BORN IN FLACHT.

Chat

You can use the chat function to exchange ideas with other members. If you activate the chat function, other members can send you direct messages. You can deactivate the chat function at any time in the app settings.

Around Me

If you allow access to your location through the app to view other members in the area and share your location with other members. You can find out more about this under “Access authorizations in the end device”.

9. Access Authorizations in the Device

In order to provide our services via the app, we require the access rights listed below, which enable us to access certain functions of your device. Your express consent (opt-in) is required to access this data. You can grant this if the app asks you to do so. The processing of this data is therefore based on your consent (Art. 6 Para. 1 lit. a GDPR).

Access to the camera

You can give the app access to your device’s camera to load media into the app.

Access to storage

You can give the app access to your device’s storage to load media into the app.

Access to the microphone

You can give the app access to your device’s microphone, for example to hear the sound of a GT.

Access to the location ( Around Me)

The app asks for your current location when you access certain functions and at regular intervals in the background, for example to show you other members in the area and to share your location with other members.

Revocation of access rights

You can revoke granted access rights at any time in the settings of your device. Depending on the operating system, you can find the rights management in the settings under Apps or Permissions. You can find more detailed information in the operating instructions for your device or operating system.

10. Email Communication and Telephone Contact

Communication via Email

If you write us an email, we will process your data according to the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Article 6 Paragraph 1 Letter b GDPR and Article 6 Paragraph 1 Letter f GDPR. It is in our legitimate interest to process your request quickly and efficiently.

Please note that we store all incoming emails in accordance with proper accounting principles for a period of ten years, starting from the first day of the following year in which the message was received. If you ask us to delete the data, we will from now on restrict the processing of your data and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by Telephone

Even if you contact us by telephone, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and/or in our legitimate interest, analogous to contacting you by email.

We do not record the content of the conversation, but we may take notes to process your request. This will be stored until the purpose of the data processing has been achieved and we no longer have any legitimate interests in the processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. Of course, you can request deletion at any time.

11. Direct Marketing and Postal Advertising

Postal Advertising to existing Customers in the legitimate Interest

We process your personal data for our own marketing purposes (sending postal advertising) and for the advertising purposes of third parties (partner companies). We process the following data:

Salutation
First name
Last name
Gender
Year of birth (if applicable)
Postal address

We provide your postal contact details (name, address) from partner companies selected by us, from the automotive industry and other industries, letter shop process (order processing). The partner companies do not receive your personal data at any time; postal advertising is sent by us or by a letter shop commissioned by us as part of an order processing contract.

The legal basis for the use of personal data for marketing purposes is Article 6 Paragraph 1 Letter f GDPR. Our legitimate interest is to inform our customers about products and services that may be of interest to you.

We generally process your data for the purposes described for the duration of your membership.

Note on the right to object

You can use your personal data for the aforementioned marketing purposes at any time free of charge with effect for the future by sending a message to contact@born-in-flacht.com or with a short message to Schloss Schnait GmbH, Silcherstrasse 10, D-71384 Weinstadt/Schnait. If you object, we will block your data for further data processing for advertising purposes.

Electronic Direct Marketing to existing Customers in the legitimate Interest

We reserve the right to use the data collected as part of your membership for direct advertising by email or post in accordance with Section 7 Paragraph 3 UWG if you do not object or have objected to this use. We use your data for the duration of your membership.

We have a legitimate, economic interest (Art. 6 Para. 1 lit. f GDPR) in providing our customers with advertising information. Of course, you can object to receiving direct advertising at any time. Direct your objection to the responsible body mentioned above.

12. Deployed Third Party Tools

Firebase Crashlytics

In order to improve the stability and reliability of our apps, we rely on anonymized crash reports. We use Firebase for this Crashlytics “, a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland.

In the event of a crash, anonymous information is transmitted to Google’s servers in the USA (state of the app at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the cell phone, last log messages). This information does not contain any personal data. Crash reports will only be sent with your express consent. When using iOS apps, you can grant consent in the app’s settings or after a crash. For Android apps, when setting up the mobile device, you have the option of generally agreeing to the transmission of crash notifications to Google and app developers.

The legal basis for the data transfer is Article 6 Para. 1 lit. a and f GDPR. You can revoke your consent at any time by deactivating the “Crash Reports” function in the settings of the iOS apps (in the magazine apps the entry is in the “Communication” menu item).

For Android apps, deactivation is generally done in the Android settings. To do this, open the Settings app, select “Google” and then select “Usage & Diagnostics” in the three-dot menu at the top right. Here you can deactivate the sending of the corresponding data. For more information, see your Google Account Help.

Further information on data protection can be found in Firebase ‘s data protection information Crashlytics at https://firebase.google.com/support/privacy and https://docs.fabric.io/apple/fabric/data-privacy.html#data-collection-policies

13. Further Data Protection Information

You can find the general data protection information at https://born-in-flacht.com/de/privacy-policy/ . Please feel free to contact us if you have any questions.