Privacy policy declaration for the app “OnePeek“

1.Scope of the privacy policy declaration

This privacy policy applies to our apps for mobile operating systems and devices (hereinafter “app”). It explains the type, purpose and scope of data collection when using the app.

When you download this app, certain necessary personal data will be transmitted to the relevant app store (e.g. Apple App Store or Google Play). In particular, when downloading, the email address, user name, customer number of the downloading account, the individual device identification number, payment information and the time of download will be transmitted to the App Store. We have no influence on the collection and processing of this data; rather, it is carried out exclusively by the app store you have selected. Accordingly, we are not responsible for this collection and processing; responsibility for this lies solely with the App Store.

We reserve the right to change this privacy policy at any time in compliance with legal requirements.

2.Responsible body

The responsible body for the data processing described in this data protection declaration is:

Schippl Weise-Onnen Oldenburg GmbH & Co. KG

Christoph Weise-Onnen

[email protected]

+49 441 922 06 202

3.Data Protection Officer

You can reach our data protection officer using the following contact details:

Per Schippl

Markt 22

26122 Oldenburg

[email protected]

+49 441 922 06 202

4.Type, scope, purpose and legal basis of data processing

Purpose and legal basis of data processing

Unless more specific requirements are set out in this data protection declaration, we process your personal data as part of the use of the app in order to provide the functionalities of the app, to ensure the security of the app or - if necessary and legally permitted - to contact you step. The legal basis is Art. 6 Para. 1 lit. b GDPR (fulfillment of the contract) and our legitimate interest in providing a functional app (Art. 6 Para. 1 lit. f GDPR). If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. for device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Details can be found in the following statements.

Data categories processed

If you use this app, the following personal data will be processed:

  • First and Last Name
  • Address
  • user name
  • Email-Address
  • Telephone and cell phone number
  • Profile picture
  • Order data (which products were ordered from which seller)
  • Invoice and contract data
  • Representatives and contact persons
  • Data that you enter in the chat or contact forms
  • Device identifiers / device IDs
  • Device number and device type of the smartphone/end device
  • Pictures
  • IBAN
  • BIC
  • If applicable, sales and text
  • Device information, such as the IP address, device type, device-specific settings and app settings as well as app properties, the date and time of access, time zone, the amount of data transferred and the message as to whether the data exchange was complete, crash of the app, browser type and operating system ; This access data is processed to enable the technical operation of the app
  • Data you provide to us: To use the app, you need to create a user account. To do this, you must provide at least your login name.

If the processing of the data requires the storage of information in your terminal device or access to information that is already stored in the terminal device, § 25 Abs. 1, 2 TDDDG is the legal basis for this.

This data is collected to implement the usage contract between us and the app users (Art. 6 Para. 1 Sentence 1 Letter b GDPR). With regard to voluntary information, data processing is also carried out on the basis of Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. We have a legitimate interest in collecting voluntarily provided data from our users. If appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. Consent can be revoked at any time.

Registration

You can register in the app to use additional functionalities of the app. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration. For important changes, such as the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way. The data entered during registration is processed for the purpose of implementing the usage relationship established by registration and, if necessary, to initiate further contracts (Art. 6 Para. 1 lit. b GDPR). The data collected during registration will be stored by us as long as you are registered on this app and will then be deleted. Statutory retention periods remain unaffected.

To register with a Google account The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://play.google.com/store/apps?hl=de. When you register with your account, you only need to enter your respective account name and the associated password. Your account in our app will then be automatically completed with the data stored with the respective provider. The use of this function is in our legitimate interest, to enable our users to make the registration process as simple as possible (Art. 6 Para. 1 lit. f GDPR). Since the use of the registration function is voluntary and the users can decide for themselves about the respective access options, there are no conflicting overriding rights of those affected.

For registration with an Apple account, the provider is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA, https://www.apple.com/de/ios/app-store/. When you register with your account, you only need to enter your respective account name and the associated password. Your account in our app will then be automatically completed with the data stored with the respective provider. The use of this function is in our legitimate interest, to enable our users to make the registration process as simple as possible (Art. 6 Para. 1 lit. f GDPR). Since the use of the registration function is voluntary and the users can decide for themselves about the respective access options, there are no conflicting overriding rights of those affected..

For registration via Magic Link is Provider die Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, https://play.google.com/store/apps?hl=de. When you register with your account, you only need to enter your respective account name and the associated password. Your account in our app will then be automatically completed with the data stored with the respective provider. The use of this function is in our legitimate interest, to enable our users to make the registration process as simple as possible (Art. 6 Para. 1 lit. f GDPR). Since the use of the registration function is voluntary and the users can decide for themselves about the respective access options, there are no conflicting overriding rights of those affected.

Access rights of the app

To provide our services, the app requests the access rights listed below, which enable us to access certain functions of your device.

  • Camera. Access is for the following purpose:

The access permissions granted are used exclusively to provide the associated app functionalities.

The data may be processed by the app store providers under certain circumstances.

The legal basis for access is your consent, which you gave during the installation (Art. 6 Para. 1 lit. a GDPR). You can change the app access permissions at any time. However, in this case, the app or certain app functions may no longer work properly.

InApp Purchases

Within the app you have the option to purchase additional services (in-app purchases). The purchase therefore takes place via the AppStore, which is also responsible for data protection. Details can be found in the respective data protection declarations of the AppStore. In the case of in-app purchases, you will be redirected to your AppStore provider. These can be the following app stores:

Apple App Store: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA, https://www.apple.com/de/ios/app-store/. The data protection declaration can be found at: https://www.apple.com/legal/privacy/de-ww/.

Google Play: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, https://play.google.com/store/apps?hl=de. The parent company is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, so that a transfer of your data to the USA cannot be ruled out. The data protection declaration can be found at: https://policies.google.com/privacy.

Data processing as part of the subscription model

If you take out a subscription via our app, we process the personal data you provide to provide and process the subscription. This data includes:

  • -Your basic data (e.g. name, email address)
  • -Payment data (e.g. credit card number, account details)
  • -Subscription information (e.g. subscription type, term, usage history).

We use this data for the following purposes:

  • -Management of your subscription (Art. 6 Para. 1 lit. b GDPR)
  • -Billing and payment processing (Art. 6 Para. 1 lit. b GDPR)
  • -ulfillment of legal obligations, e.g. B. tax law requirements (Art. 6 Para. 1 lit. c GDPR)
  • -Analysis to improve our services (Art. 6 Para. 1 lit. f GDPR).

We use external payment service providers to process payments (e.g. PayPal). Your payment data is processed directly by these service providers. For further information, please refer to the data protection declaration of the respective payment service provider.

Your data will be stored for the duration of the subscription. After the subscription has ended, we will retain your data in accordance with legal retention requirements (e.g. tax regulations). Data without a legal storage obligation will be deleted as soon as it is no longer needed.

Data processing as part of the API connection to the bank

The app offers the option of linking the household book with your accounts. To do this, a connection to the bank must be established via a technical interface. After connection, all account transactions are recorded in the app and stored by the provider on its servers. With regard to the third-party data that is processed in this way (e.g. data from people who have transferred money to you), the app provider acts exclusively as a processor.

The legal basis for data processing is the fulfillment of the contract that we have concluded with you (Art. 6 Para. 1 lit. b GDPR).

Donation option

If you donate via our app, we process the personal data you provide (e.g. name, address, payment details) to process the donation. The legal basis for this is Article 6 Paragraph 1 Letter b GDPR (fulfillment of a contract).

We use external payment service providers (e.g. PayPal) to process payments. The transmission of your payment data is only encrypted. For further information on data processing by the payment service provider, please see their data protection declaration.

Your data will be stored in accordance with legal retention requirements and then deleted, provided there are no further legal obligations.

You have the right to information, correction and deletion of your data at any time.

Contact us

If you contact us (e.g. via contact form, by e-mail, telephone, fax or via another channel), your request including all resulting personal data (e.g. name, request) will be sent to us for the purpose of processing your request stored and processed. This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 Para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 Para. 1 lit. f GDPR), as we have a legitimate interest in the effective Processing inquiries sent to us. The data you send to us via contact request will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Analysis and tracking

When you access our app, your behavior can be statistically evaluated using certain analysis tools and analyzed for advertising purposes or to improve our offerings. When using such tools, we ensure compliance with statutory data protection regulations. When using external service providers, we ensure through appropriate contracts with the service providers that data processing complies with German and European data protection standards.

We use the following tools to analyze user behavior:

Firebase Analytics: We use the external analysis service Firebase Analytics from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) to optimally tailor our app to the interests of the users. For this purpose, we use a programming interface, the Firebase Software Development Kit (SDK), provided by Google, to access the user ID from the app and device information such as the advertising ID (IDFA from Apple and GAID from Google) of the device used and to enable statistical analysis of the use of the app. Using the Firebase SDK, we can define various events (e.g. average app usage, average sessions per user, button presses, recognition of usage preferences) in order to be able to track and understand the behavior of app users across devices and thus the app's functionalities accordingly to optimize and improve. We can also identify and fix errors in programming and prevent fraudulent activity in the app. For the purpose of fraud prevention and statistical analysis, Google processes device information such as the advertising ID (IDFA from Apple and GAID from Google) and the IP address of the device used and provides us with anonymous statistics about interactions with our app. The legal basis for the processing is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Our legitimate interests lie in fraud prevention, IT security, dynamic provision of content and optimization of our app and services. Google also processes some of the data in the USA. We have agreed standard contractual clauses with Google to require Google to maintain an appropriate level of data protection. We will provide you with a copy upon request. Your data will be deleted after thirteen months at the latest. Further information about data protection at Google can be found at: https://policies.google.com/privacy. If consent has been requested, the use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. Consent can be revoked at any time.

Google Analytics: This app uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics allows us to analyze the behavior of app users. The app operator receives various usage data, such as: B. App views, length of stay, operating systems used and origin of the user. This data can be assigned to the user’s respective device. Furthermore, Google Analytics uses various modeling approaches to complement the data sets collected and uses machine learning technologies in data analysis. Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior. The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider using the following link: https://www.dataprivacyframework.gov/list.

YouTube

This app integrates videos from the YouTube website. YouTube is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. YouTube is integrated into our app and a connection is established to the YouTube servers. Furthermore, YouTube can store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about users of this app. This information is, among other things, used to collect video statistics, improve user experience and prevent fraud attempts. Furthermore, the data collected is processed in the Google advertising network. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Further information on how to handle user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de. The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Encryption

This app uses encryption for security reasons and to protect the transmission of confidential content. This encryption prevents that the data you transmit can be read by unauthorized third parties.

Hosting

The app itself is hosted by the AppStore provider from which you downloaded the app. The user data collected in the APP is stored by our host. Our host is:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, https://play.google.com/store/apps?hl=de

We have concluded a contract for order processing with our host, which ensures that they process the data based on our instructions and in compliance with the GDPR.

Data transfer to third countries

We use, among other things, tools from companies based in the USA or other third countries that are not secure in terms of data protection. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to the EU cannot be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Storage period

Unless a specific storage period is specified in this data protection declaration, your personal data will remain with us until the purpose for data processing no longer applies. A Loss of purpose usually occurs when you log out of the app.

If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); In the latter case, the deletion takes place after these reasons no longer apply.

Data that is stored exclusively on your device remains there until you delete this data or the app yourself.

Automated decision making

There is no automated decision making.

Your rights

You have the following data protection rights within the framework of the GDPR:

Right to information (Article 15 GDPR): You have the right to request information about the personal data we have stored about you.

Right to rectification (Article 16 GDPR): You have the right to request that inaccurate personal data concerning you be corrected. Taking into account the purpose of processing, you also have the right to request that incomplete personal data be completed.

Right to deletion (Article 17 GDPR): You have the right to request the deletion of your personal data.

Right to restriction of processing (Article 18 GDPR): You have the right to request that the processing of personal data concerning you be restricted.

Right to data portability (Article 20 GDPR): You have the right to have personal data that we process automatically based on your consent or in fulfillment of a contract handed over to you or another person responsible in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Right to revoke your consent (Art. 7 Para. 3 GDPR): If you have given your consent to the processing of your data, you have the right to revoke this at any time with future effect.

Right to complain (Art. 77 GDPR): If you are of the opinion that we are not complying with data protection regulations when processing your personal data, you have the right to lodge a complaint with a data protection authority.

In cases where data processing is carried out in accordance with Article 6 Paragraph 1 Sentence 1 Letter e or f GDPR, you have the right to object to data processing for reasons arising from your particular situation (right to object according to Art. 21 GDPR).