Amicido GmbH (hereinafter: “the company”, “we” or “us”) takes the protection of your personal data seriously and would like to inform you about data protection in the company. Due to the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “DS-GVO”), additional obligations have been imposed on us to ensure the protection of personal data of the person affected by a processing (we also address you as a data subject hereinafter with “user”, “you”, “you”, customer” or “data subject”).
B. Basic information
- “Personal data” according to Art. 4 No. 1 DS-GVO means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if he or she can be identified directly or indirectly, in particular by means of an association with an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).
- “Controller” according to Art. 4 No. 7 DS-GVO is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
- “Processing” according to Art. 4 No. 2 DS-GVO means any operation which involves the handling of personal data, whether or not by automated means. This includes, in particular, the collection, recording, organization, arrangement, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, comparison, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended purpose on which a data processing was originally based.
- “Processor” according to Art. 4 No. 8 DS-GVO is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions. In terms of data protection law, a processor is not a third party.
- “Consent” pursuant to Art. 4 No. 11 DS-GVO of the data subject means any freely given indication of intention for the specific case, in an informed manner and unambiguously in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
- “Third party” according to Art. 4 No. 10 DS-GVO means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor; this also includes other group-affiliated legal entities.
2. Amendment of the data protection statement
In the context of the further development of data protection law as well as technological or organizational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes.
3. No obligation to provide personal data
The conclusion of a contract is not made dependent on the provision of personal data. In principle, there is no legal or contractual obligation for you to provide us with your personal data. However, it may be that certain services can only be provided to a limited extent or not at all if you do not provide the necessary data. If this should be the case, you will be informed separately.
C. Information about the processing of your data
1. The collection of personal data concerning you
(1) When you use our app, personal data is collected about you.
(2) Personal data are all data that relate to your person. Among other things, this includes your name, location data, IP address, device identifier, SIM card number, address and email address, fingerprint, images, movies, audio recordings, but also your user behavior.
2. Legal basis of data processing
(1) Processing of personal data is legal if the data processing falls under one of the following justifications:
- Art. 6 (1) p. 1 lit. a DS-GVO (“consent”): if the data subject has voluntarily, in an informed manner and unambiguously indicated by means of a declaration or other unambiguous confirmatory act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;
- Art. 6 (1) p. 1 lit. b DS-GVO: If the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request;
- Art. 6 (1) p. 1 lit. c DS-GVO: If the processing is necessary for compliance with a legal obligation to which the controller is subject.
- Art. 6 (1) p. 1 lit. d DS-GVO: If the processing is necessary to protect the vital interests of the data subject or another natural person;
- Art. 6 (1) p. 1 lit. e DS-GVO: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- Art. 6 (1) p. 1 lit. f DS-GVO (“Legitimate Interests”): if the processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject override (in particular if the data subject is a minor).
(2) Processing may also be based on several legal bases. Any applicable legal basis will be explicitly mentioned below.
3. Data collected during download
(1) When downloading this app, personal data required for this purpose will be transmitted to the corresponding app store. In particular, the e-mail address, the username, the customer number of the downloading account, the individual device identification number, payment information and the time of the download are transmitted to the App Store.
(2) We have no influence on the collection and processing of this data; it is carried out exclusively by the Store. The responsibility for the processing and collection of your data lies solely with the App Store selected by you. Any responsibility on our part is excluded.
4. Data collected during use
(1) In order to be able to provide any benefits of our app, it is inevitable that when you use the app, we will have to collect the personal data about you that we have determined is necessary for the operation of the app. We only collect this data if this is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b DS-GVO). Furthermore, we collect data if this is necessary for the functionality of the app and your interest in the protection of your personal data does not outweigh this (Art. 6 para. 1 lit. f DS-GVO).
(2) We collect and process the following data from you:
- Data that you provide to us: For the use of the app, the creation of a user account is required. For this, you provide at least your login name.
- Device information: Access data includes the IP address, device ID, device type, device-specific settings and app settings and app properties, the date and time of the retrieval, time zone the amount of data transferred and the message whether the data exchange was complete, crash of the app, browser type and operating system. This access data is processed to enable the technical operation of the app.
- Information with your consent: other information, including GPS location data, we process if you allow us to do so.
Contact form data: When contact forms are used, the data transmitted through them are processed, including gender, name, address, company, email address and the time of transmission.
(2) Cookies contain data that enable recognition of the device used. In part, cookies only contain information about settings that cannot be related to a person. Cookies cannot directly identify a user.
(3) A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
- Technical cookies: these are mandatory for moving around within the app, using basic functions and ensuring the app’s security; they do not collect information about you for marketing purposes, nor do they store which websites you have visited;
- Performance cookies: these collect information about how you use our app, which pages you visit and, for example, whether errors occur when using the app; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our app and find out what interests our users;
- Advertising cookies, targeting cookies: these are used to provide the app user with tailored advertising within the app or third-party offers and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing cookies: these are used to improve the interactivity of our app with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
6. Duration of data storage
(1) We delete your personal data as soon as they are no longer required for the purposes for which we collected or used them. We store your personal data for the duration of the usage or contractual relationship via the app. In principle, your data is only stored on our servers in the European Union, subject to possible transfer.
(2) In the event of a pending legal dispute with you or other legal proceedings, storage may extend beyond the specified period.
(3) Third parties engaged by us will store your data on their system for as long as is necessary in connection with the provision of the service for us in accordance with the respective order.
(4) Legal requirements for the storage and deletion of personal data remain unaffected by the above (e.g. § 257 HGB or § 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
7. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
8. Change of purpose
(1) Processing of your personal data for purposes other than those described will only be carried out if this is permitted by a legal provision or if you have consented to the changed purpose of the data processing.
(2) In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of the purposes prior to further processing and provide you with all other relevant information.
D. Responsibility for your data and contacts
1. Responsible party and contact details
(1) We are the responsible party for the processing of your personal data within the meaning of Art. 4 No. 7 DS-GVO.
Our company data protection officer is available to you at any time as a contact person on the subject of data protection. His contact details are:
(2) Please contact this contact point if you wish to assert the rights to which you are entitled against us, or if you have any questions or comments regarding the collection and processing of your personal data.
2. Data collection when contacting us
If you contact us, your e-mail address, name and any other personal data you have provided in the course of contacting us will be stored by us so that we can contact you to answer your question. This data will be deleted as soon as the storage is no longer necessary. If there are legal retention periods, the data remains stored, but processing is restricted.
F. Data processing by third parties
1. Commissioned data processing
(1) If commissioned service providers are used for individual functions of our app, they will only act on our instructions. In accordance with Art. 28 DS-GVO, they are contractually obligated to comply with the provisions of data protection law.
(2) The following categories of recipients, which are usually order processors, may receive access to your personal data:
- Service providers for the operation of our app and the processing of data stored or transmitted by the systems. The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO, insofar as they are not order processors;
- State authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is Art. 6 para. 1 p. 1 lit. c DS-GVO;
- Persons employed to carry out our business operations. The legal basis for the disclosure is Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO.
(3) We will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO.
(4) Insofar as we pass on your personal data to our subsidiaries, this shall be done on the basis of existing order processing relationships.
2. Prerequisites for the transfer of personal data to third countries
(1) In the course of our business relationships, your personal data may be passed on or disclosed to third party companies. These may also be located outside the European Economic Area (EEA). Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship. We will inform you about the respective details of the transfer below at the relevant points.
(2) The European Commission certifies data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer if you would like more information on this.
3. Legal obligation to transfer data
In individual cases, we are subject to a legal obligation to provide lawfully collected personal data to third parties, in particular to public authorities, pursuant to Art. 6 (1) p. 1 lit. c DS-GVO).
G. Your rights
1. Right of access
You have the right within the scope of Art. 15 DS-GVO to receive information about the personal data concerning you. This requires a request from you, to be sent either by e-mail or by post to the addresses given above.
2. Objection to data processing and revocation of consent
(1) In accordance with Art. 21 DS-GVO, you have the right to object to the processing of personal data concerning you at any time. We will stop processing your personal data unless we can demonstrate compelling grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.
(2) Pursuant to Art. 7 (3) DS-GVO, you have the right to revoke your consent once given – i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes – at any time vis-à-vis us. This has the consequence that we may no longer continue the data processing that was based on this consent.
(3) For disclosure, please contact the contact point indicated above.
3. Right to rectification and deletion
(1) Insofar as personal data concerning you is incorrect, you have the right, pursuant to Art. 16 DS-GVO, to demand that we correct it without delay. Under the conditions set out in Art. 17 DS-GVO, you also have the right to request the deletion of personal data relating to you. In particular, you have the right to erasure if the data in question is no longer necessary for the collection or processing purposes, if the data storage period has elapsed, if there is an objection or if there is unlawful processing. With a request in this regard, please contact the contact point indicated above.
(2) To exercise these rights, please contact the contact point indicated above.
4. Right to restriction of processing
(1) Pursuant to Art. 18 DS-GVO, you have the right to request that we restrict the processing of your personal data.
(2) With a request in this regard, please contact the contact point indicated above.
(3) You are entitled to the right to restrict processing in particular if the accuracy of the personal data is disputed between you and us; in this case, you are entitled to the right for a period of time required to verify the accuracy. The same applies if the successful exercise of a right of objection is still disputed between you and us. You are also entitled to this right in particular if you are entitled to a right to erasure and you request restricted processing instead of erasure.
5. Right to data portability
(1) In accordance with Article 20 DS-GVO, you have the right to receive from us the personal data concerning you that you have provided to us in a structured, common, machine-readable format.
(2) With a request in this regard, please contact the contact point indicated above.
6. Right to complain to the supervisory authority
(1) Pursuant to Art. 77 DS-GVO, you have the right to complain about the collection and processing of your personal data to the competent supervisory authority.
(2) The jurisdiction depends on our registered office, your usual place of residence or your place of work.