DATA PROTECTION

In the following, we would like to inform you about the processing of your personal data in connection with the use of the EINFACH KICKEN app (hereinafter "app").

Personal data includes all information that relates to a specific natural person, such as their name or IP address.

1. Summary

1.1. Person responsible

devletics UG (haftungsbeschränkt), Weintrautstraße 30, 35039 Marburg, Germany, is responsible for data processing in the app in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR). You can contact us by email at info@devletics.de.

1.2 Scope of data processing, processing purposes and legal bases

The scope of the processing of of the processing of personal data, the purposes of processing and the the legal bases are explained in detail in section 2. The legal basis for data processing are generally the following following can be considered:

• Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent. for which we obtain consent.
• Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis insofar as the processing of of personal data is necessary for the performance of a contract contract, e.g. for the fulfillment of our obligations under the Terms of Use. This legal basis also applies to processing operations that are necessary for pre-contractual measures, for example in the case of inquiries about our services.
• Art. 6 para. 1 sentence 1 lit. c GDPR applies if we are processing personal data to fulfill a legal fulfill a legal obligation with the processing of personal data, which obligation arising, for example, from tax law.
• Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis if we rely on legitimate interests to processing of personal data on the basis of legitimate interests interests, e.g. for the processing of user inquiries.

1.3 Recipients

If necessary, we transfer personal data to one or more of the personal data for one or more of the purposes specified in this purposes mentioned in this privacy policy to processors and in particular to the following recipients:

• External Service providers
• Partner companies

1.4. Data processing outside the EEA

Insofar as we transfer data to service providers or other third parties outside the European the European Economic Area (EEA), adequacy decisions adequacy decisions of the EU Commission pursuant to Art. 45 para. 3 GDPR guarantee the the security of the data during transfer, insofar as these exist, as is the case for the UK, Canada and Israel, for example.

If no adequacy decision exists, the legal basis for the data data transfer, i.e. unless we indicate otherwise, are standard contractual clauses. indication to the contrary, standard contractual clauses. These are a set of rules adopted by the EU Commission and part of the contract with the respective third party. respective third party. According to Art. 46 para. 2 lit. b GDPR, they guarantee the security of data transfer. Many of the providers have contractual guarantees that go beyond the standard contractual clauses, that protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or with regard to the third party's obligation to inform data subjects if law enforcement agencies want to access data.

1.5. Storage period

Unless explicit storage periods are specified in this data protection declaration, explicit storage periods are specified, stored by us will be deleted as soon as they are no longer required for their are no longer required for their intended purpose and the deletion does not statutory retention obligations prevent deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted, i.e. the data will be blocked data is blocked and not processed for other purposes. This applies e.g. for data that we have to retain for commercial or tax law reasons. must retain.

1.6 No obligation to provide data

You are neither contractually nor legally obliged to provide us with to provide us with personal data. However, if you refuse to data that is absolutely necessary for the use of the app or that we are legally necessary for the use of the app or which we are legally you will not be able to use the app or only to a limited extent.

Mandatory information is marked as such in the app.

2. specific data processing

2.1 Downloading the app

Our app is available for download from the Google Play Store and the Apple App Store (hereinafter "Stores"). When you download the app, the required information is transferred to the Stores. This includes, in particular, your user name, email address, account customer number, time of download, payment information and individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.

2.2 Information security

When you use our app, we collect data that is necessary to ensure the stability and security of the app. This is done as part of our legitimate interest, and the legal basis for this is Article 6(1) sentence 1(f) of the General Data Protection Regulation (GDPR).

2.3 User account

From the age of 16, you have the option of creating your own user account in the app. We process the data requested as part of this creation in order to fulfill the concluded user contract in relation to the account. The legal basis for the processing is Article 6(1) sentence 1(b) of the General Data Protection Regulation (GDPR).

From the age of 13, you have the option of creating a user account in the app with the consent of a parent or guardian. The legal basis for the processing results from Article 8 GDPR.

You can voluntarily add additional information to your user account.

2.4 Single sign-on

You have the option of logging in to our app using one or more single sign-on procedures. In doing so, you use the login data already created by another provider, provided that you are already registered with this provider. If you log in to our app using a single sign-on procedure, we will receive information from the provider that you are logged in with this provider and the provider will receive information that you are using the single sign-on procedure in our app. Depending on the settings in your account on the provider's website, additional information may be made available to us by the provider. The legal basis for this processing results from the user contract between the provider and you.

The providers of the available methods are:

• Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (Datenschutzerklärung: https://www.apple.com/legal/privacy/de-ww/).
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (Datenschutzerklärung: https://policies.google.com/privacy).

2.5 Making contact

When you contact us, for example by email or telephone, we store the data you provide, such as names and email addresses, in order to answer your questions. The legal basis for this data processing is based on our legitimate interest pursuant to Article 6(1) sentence 1(f) of the General Data Protection Regulation (GDPR) in responding to inquiries addressed to us.

2.6 Competitions

From time to time we organize competitions. The data collected in these competitions is processed by us to determine the winners and to notify them. The data will be deleted after the competition has ended. The provision of competitions serves our legitimate interest in attracting new users and promoting interaction with our existing users. The legal basis for data processing in accordance with Article 6(1) sentence 1 point (f) of the General Data Protection Regulation (GDPR)

.

2.7 Surveys

We occasionally conduct surveys to gain a better understanding of our users and their needs. In doing so, we collect the relevant information that is requested in the surveys. This is done on the basis of our legitimate interest in getting to know our users and their preferences better. The legal basis for the associated data processing in accordance with Article 6(1) sentence 1(f) of the General Data Protection Regulation (GDPR) arises from our legitimate interest. The data collected will be deleted as soon as the survey results have been evaluated.

2.8. Tools from third-party providers

2.8.1 OpenStreetMap

We use map services from OpenStreetMap (OSM)

We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 OWS, United Kingdom. The United Kingdom is considered a safe third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. Among other things, your IP address and other information about your behavior on this website and in the app may be forwarded to the OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us in the EINFACH KICKEN app. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information on data processing, please refer to the service provider's privacy policy at: https://www.fossgis.de/datenschutzerklärung/.

2.8.2 Hetzner

We host our website and the app at Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). Hetzner is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website and app as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information on data processing, please refer to the service provider's privacy policy at: https://www.hetzner.com/de/legal/privacy-policy.

2.8.3 Firebase Cloud Analytics

We use Firebase Analytics for analysis. The provider is Google. The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses). The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing takes place on the basis of consent. You can withdraw your consent at any time, e.g. by contacting us using the contact details provided in this privacy policy. Further information can be found in the provider's privacy policy at https://firebase.google.com/docs/analytics

2.8.4. Firebase Cloud Messaging

We use Firebase Cloud Messaging to communicate with our users. The service provider is Google Ireland Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland. As part of this communication, usage data (e.g. interests in content and access times) as well as meta and communication data (e.g. device information and IP addresses) are processed.

The legal basis for this processing is based on Article 6(1) sentence 1 point (a) of the General Data Protection Regulation (GDPR). The processing is based on your consent. You have the right to withdraw your consent at any time. You can do this, for example, using the contact details provided in this privacy policy. The withdrawal has no influence on the lawfulness of the processing that took place before the withdrawal.

For more information on data processing, please refer to the service provider's privacy policy at https://firebase.google.com/support/privacy.

2.8.5 Firebase Cloud Storage

We use Firebase Cloud Storage to store media that is visible in our app. The service provider is Google Ireland Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland. As part of this communication, usage data (e.g. interests in content and access times) as well as meta and communication data (e.g. device information and IP addresses) are processed.

The legal basis for this processing is based on Article 6 paragraph 1 sentence 1 letter a of the General Data Protection Regulation (GDPR). The processing takes place on the basis of your consent. You have the right to withdraw your consent at any time. You can do this, for example, using the contact details provided in this data protection declaration. The revocation does not affect the lawfulness of the processing that took place before the revocation.

Further information on data processing can be found in the data protection declaration of the service provider at: https:/ /firebase.google.com/support/privacy.

2.8.6. Stripe

We process the payment process via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe to the extent necessary for the fulfillment of the contract (Art. 6 Para. 1 lit b. GDPR): Name of the cardholder. E-mail address, customer number, order number, bank details, credit card details, validity period of the credit card, credit card verification number (CVC), date and time of the transaction, transaction amount, name of the provider, location.

The processing of the data provided under this section is not required by law or contract. Without submitting your personal data, we cannot process a payment via Stripe.

Stripe plays a dual role as controller and processor in data processing activities. As the controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (according to Art. 6 Para. 1 lit. f GDPR) and serves to execute the contract (according to Art. 6 Para. 1 lit. b GDPR). We have no influence on this process.

Stripe acts as a processor in order to be able to complete transactions within the payment networks. As part of the order processing relationship, Stripe acts exclusively according to our instructions and is contractually obliged to comply with data protection regulations within the meaning of Art. 28 GDPR.

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

You can find further information about objection and removal options against Stripe at: https://stripe.com/privacy-center/legal

We will store your data until payment processing is completed. This also includes the time required for processing refunds, debt management and fraud prevention.