Who are we? Who is responsible for data protection at our company (data protection officer)?
We are Greator GmbH and can be reached as follows: Brüsseler Str. 89-93, Phone: +49 (0)221 - 6695980, Fax: +49 (0)221 - 9543235, [email protected]. Our managing director is Mr. Alexander Müller. Everyone at our company is responsible for data protection. In addition, we have decided to appoint a data protection officer. In order to guarantee his independence, we have commissioned an external consultant. This is the lawyer Dr. Stephan Gärtner. You are welcome to contact him at any time. You can reach him as follows: Attorney at Law Dr. Stephan Gärtner, StanhopeONE, Voßstraße 20, 10117 Berlin, [email protected].
How do we process your data when you download and use the app?
(1) We provide you with a mobile app that you can download to your mobile device. Our app is available via distribution platforms operated by third parties, so-called app stores (Google Play and Apple iTunes). Your download may require prior registration with the respective app store and installation of the app store software. Greator GmbH has no influence on the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and the app store software. The responsible party in this respect is solely the operator of the respective app store. If necessary, please inform yourself directly with the respective app store provider.
(2) When downloading the mobile app, the required information is transmitted to the App Store, i.e. in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile app to your mobile device.
(3) When using the mobile app, we collect the personal data described below to enable the convenient use of the functions. If you wish to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security (legal basis is Article 6 (1) sentence 1 lit. f DS-GVO): IP address, date and time of the request, content of the request (specific page), access status/HTTP status code. For the intended use of our app and thus necessary for the usage relationship, we also process the following data: Name, e-mail address, if applicable, periods of use, in particular upload processes. This data serves the fulfilment of the usage relationship. Therefore, the legal basis in this respect is Article 6 (1) sentence 1 lit. b DSGVO.
(4) For the registration of the app we collect username and password from you. For the use of the app, the network connections are accessed. Since both are necessary for the use of our app, the legal basis in this respect is Article 6 (1) sentence 1 lit. b DSGVO.
(5) Access to the following additional components is required to use the app. In this respect, you will be asked once at the beginning or only when using the respective function to grant the corresponding access authorization:
- Camera: In order to use the exercise function (e.g. take a photo of your notes for exercises), access to your system-side camera is required.
- Memory: Your photo memory is accessed when you want to send a previously saved photo file to the app.
The legal basis for the processing associated with this is your consent, which you declare when granting access. You can revoke this consent at any time with effect for the future. You do this by revoking the access authorization on your mobile device.
(6) You can be informed about new courses via notification and set reminders for courses. To do this, your smartphone registers with the respective push service (Apple Push Notification or Google Cloud Messaging) after downloading the app. The service then sends a token to your device. The token is transmitted to us by the app and stored in a database there. If a notification is to be sent, we send the message with the token to the push service, which forwards it to your device. The legal basis for the processing associated with this is your consent, which you declare with Push Notification Permission. You can revoke this consent at any time with effect for the future. You do this by withdrawing the permission on your mobile device.
(7) We engage in cross-platform usage analytics with the following providers:
- Google Firebase: The app optionally uses Google Analytics for Firebase. The User consents to the use of Google Analytics for Firebase when downloading the App. The user can deactivate the use of Google Analytics for Firebase at any time within his app profile. The information generated about the use of the app is transmitted with an anonymised IP address to a Google server in the USA and stored there. The IP anonymization function in Analytics sets the last octet to zero for user IP addresses of type IPv4 and the last 80 bits in memory for IPv6 addresses. This means that the exact IP address of the user is not stored. The legal basis is your consent, which you give when downloading the app and which you can revoke at any time. Google will use this information to evaluate your use of the app in order to compile reports on activity for the app operators. Google may also transfer this information to third parties. If the user consents to the use of Google Analytics for Firebase in the app, he agrees to the processing of data about him by Google in the manner and for the purposes set out above.
This usage data forms the basis for statistical, anonymous evaluations, so that trends can be identified, on the basis of which the offer can be improved accordingly.
(8) We always store this personal data until the end of the contractual relationship between us. In this case, we also process your data in order to fulfil legal obligations to which we are subject. The legal basis is Article 6 (1) sentence 1 lit. c DSGVO, § 147 AO, § 257 HGB. According to these regulations, some of the above-mentioned data must also be retained beyond the point in time at which the purpose was achieved. We may be obliged to do so,
- to retain for ten years personal data resulting from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 (2a) of the German Commercial Code (HGB), consolidated financial statements, management reports and group management reports, opening balances, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, commercial books as well as the work instructions and other organisational documents required for their understanding.As a rule, the retention period begins with the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB),
- to retain data relating to your person resulting from received commercial or business letters, from the reproduction of the received commercial or business letters as well as from other documents which are of significance for taxation for six years, whereby the retention period generally begins with the end of the calendar year in which the relevant document arose ((Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB).
How do we process your data for promotional purposes after downloading the app?
We process your data for self-promotion purposes. The legal basis is Article 6(1) sentence 1 lit. f DSGVO, according to which the processing of personal data is also possible without the consent of the data subject if the processing is necessary for the protection of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. Here, we invoke our interest in direct marketing in accordance with Recital 47 a.E. GDPR. In this context, we refer to the existing legal relationship between us and your possibility to object to the processing at any time. In this context, we would like to point out once again that you can generally object to the use of your personal data for the purposes of advertising, market research or opinion polling at any time; if necessary, this can be done by sending an informal message to one of the above-mentioned contact channels ("Who are we?").
Do we guarantee sufficient data security?
We maintain current technical measures to ensure data security, in particular to protect your personal data from dangers during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art.
What rights do you have?
You have some rights. You have the right to information about the personal data processed about you, as well as to correction or deletion, to restriction of processing, to object to processing and to data portability. Furthermore, you have the possibility to complain about us to the supervisory authority responsible for us. We would like to point out that these rights may be subject to conditions, which we will insist on.