‍

Data protection

We undertake to comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and data minimization.

1)    Name and address of the person responsible and the data protection office

a)     The responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

Startup Events GmbH

Rumfordstrasse 15

80469 Munich

Germany

Email: privacy@bitsandpretzels.com

b)    The data protection officer

You can reach the data protection officer of the person responsible as follows:

SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de 

2)    Explanations of terms

We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here [https://gdpr-info.eu/art-4-gdpr/].

3)    Legal basis for the processing of personal data

a)     Processing of personal data following GDPR 

We only process your data such as your surname and first name, your e-mail address and IP address, etc. if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations, in particular, come into consideration here:

• Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given their consent to the processing of their data for one or more specific purposes.
• Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are taken at the request of the data subject.
• Art. 6 para. 1 sentence 1 lit. c GDPR: The processing is necessary to fulfill a legal obligation to which the person responsible is subject
• Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person
• Art. 6 para. 1 sentence 1 lit. e GDPR: the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible
• Art. 6 para. 1 sentence 1 lit. f GDPR: the processing is necessary to protect the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular, if the data subject is a child act

However, at the relevant points in this data protection declaration, we will always point out the legal basis on which the processing of your data takes place.

b)    Processing of information according to § 25 Abs.1 TTDSG 

We also process information following Section 25 (1) TTDSG by storing information on your terminal device or accessing information that is already stored on your terminal device. This can be both personal information and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers. Terminal equipment is any device connected directly or indirectly to the interface of a public telecommunications network for sending, processing, or receiving messages, Section 2 Paragraph 2 No. 6 TTDSG. 

We usually process this information based on your consent, Section 25 (1) TTDSG.

As far as an exception according to § 25 Abs.2 Nr. 1 und Nr.2 TTDSG is given, we do not need our consent. Such an exception is where we are accessing or storing the information solely to transmit a message over a public telecommunications network or where it is strictly necessary for us to provide a Telemedia service that you have specifically requested. You can revoke your consent at any time.

We inform you that the revocation of consent does not affect the lawfulness of the processing carried out based on the consent up to the point of revocation

4)    Passing on of the personal Data

The transfer of personal data is also a process within the meaning of the previous paragraph 3. However, at this point, we would like to inform you again separately about the topic of transfer to third parties. The protection of your data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

It will therefore only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies who work for us as processors following Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us

Following the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.

5)    Storage and Deletion

Your data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not necessary to exercise the right to freedom of expression and information, to fulfill legal obligation reasons of public interest or to assert, exercise or defend legal claims.

6)    SSL encryption

Our app uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the app operator.

If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.

7)    Collection and storage of personal data and their type and purpose of use 

a)     Downloading the App

When downloading the mobile app, the required information is transferred to the App Store or Play Store, i.e. in particular the user name, e-mail address and customer number of your account, the time of the download, payment information, and the individual device code. We do not influence this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.

b)    Use of the App

When using the mobile app, we collect the personal data described below to enable convenient use of the functions. If you want to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access Status /HTTP Status Code
• operating system and its surface
• Browser software language and version.
• Name of the mobile device, e-mail address

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data to draw conclusions about your person.

c)     Registration

As part of the registration, we collect and process your first and last name as well as your e-mail address and a password of your choice. You can also enter your LinkedIn profile URL.

We collect this data for legitimate interests for further identification and the provision of our services following Article 6 ( 1 ) sentence 1 lit. b) and f) GDPR.

This data is stored in our backend.

‍

d)    Use of the chat function

You have the option of allowing the "Chat" function in the app. By activating the chat function during registration, you have the option of starting a chat with other users and exchanging ideas within this framework. Other users also have the option of contacting you via the chat function if you have activated the "Chat" function.

When using the chat function, the following inventory data is processed:

·      First and Last Name

When exchanging messages, only the following information is passed on to the respectively addressed user or user group:

We encrypt all messages with a highly secure end-to-end encryption process. Encrypted messages and media (images, videos, files, etc.) are completely deleted from the servers after successful delivery. If the messages and media are not or not fully retrieved, they will be automatically and irretrievably deleted from the server after two weeks.

The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.

e)    favorite function

In the app, you have the option of adding a user as a favorite and being added as a favorite yourself. The favorite user is not informed about this.

This favorites function is used to conveniently find other users. The data processing is therefore based on our legitimate interest according to Article 6 Paragraph 1 Clause 1 Letter f GDPR.

f)      contact scanning

As part of the app, you have the option of scanning the QR code of another user and thus saving their contact in the app. You can also make your QR code available to another user to scan. For this, you must allow the app access to your camera. This function is used to network users with each other.

The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.

g)     meeting requests

If you activate the " Allow meeting requests " function during registration, you have the option in the app to contact other users and send a meeting request with the date and time. Other users also have the option of sending you such meeting requests if you have allowed this function.

As part of the meeting request, your first and last name, the date and time of the meeting, and your message will be transmitted.

The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.

h)    votes

You have the option of taking part in a voting as part of the app. The following personal data is processed as part of the voting:

· First and Last Name

The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.

i)      push notifications

Under the menu item "More - Settings" you can confirm whether you would like to receive news via push notifications, even if you are not actively using our app or the device is idle.

You can switch this function on or off at any time later on the mobile device under "More - Settings". The push notifications are delivered using servers provided by the manufacturers of the operating systems. The mobile devices must therefore be registered with these servers, which requires the transmission of a UUID (iOS) or the device ID (Android) assigned to the device.

The legal basis here results from Article 6 Paragraph 1 Clause 1 Letter b) GDPR for the provision of our services based on the inquiry you have made, as well as from our legitimate interest, Article 6 Paragraph 1 Clause 1 Letter f ) GDPR.

j)      Contact Form/Help

We provide you with a form in our app so that you can contact us at any time. When you use the contact form, your device designation, the operating system you are using, the sending date and time, and your e-mail address, if you have given it, will be sent to us so that we know who sent the request and can also process it.

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there and your IP address, will be processed following Article 6 Paragraph 1 S. 1 lit. b and f GDPR to carry out pre-contractual measures that take place at your request or to safeguard our legitimate interest, namely to carry out our business activities.

The inquiries and the associated data will be deleted no later than 3 months after receipt, provided they are not required for a further contractual relationship.

k)     Newsletter

 Content of the newsletter and registration data

We will only send you a newsletter if you order it from us and give your consent following Art. 6 para. S. 1 lit. a GDPR has been granted. The contents of the newsletter are specifically described when registering for the newsletter. To register for the newsletter, it is sufficient to provide your e-mail address. If you provide further voluntary information such as your name and/or your gender, this will only be used to personalize the newsletter addressed to you. 

Double opt-in and logging

For security reasons, we use the so-called double opt-in procedure to register for our newsletter so that nobody can register with someone else's e-mail address. Therefore, after registering for our newsletter, you will first receive an e-mail asking you to confirm your registration. This only becomes effective once the registration has been confirmed.

Furthermore, your registration for the newsletter will be logged. The logging includes the storage of the registration and confirmation time, your specified data, and your IP address. If you make changes to your data, these changes will also be logged.

‍

Revocation

If you no longer wish to receive our newsletter, you can revoke your consent at any time in the future. You can do this by clicking on the unsubscribe link at the end of each newsletter or by sending us an email to the following email address: privacy@bitsandpretzels.com 

The revocation of the consent does not affect the legality of the processing carried out based on the consent up to the point of revocation.

8)    rights of the data subject

You have the following rights:

a)     information

Following Art. 15 GDPR, you have the right to request information about your data processed by us. This right to information includes information about

• the processing purposes
• the categories of personal data
• the recipients or categories of recipients to whom your data has been or will be disclosed
• the planned storage period or at least the criteria for determining the storage period
• the existence of a right to rectification, erasure, restriction of processing, or objection
• the existence of a right of appeal to a supervisory authority
• the origin of your data, if they were not collected from us
• the existence of automated decision-making including profiling and, where appropriate, meaningful information on its details

b)    correction

 According to Art. 16 GDPR, you have the right to immediate correction of incorrect or incomplete personal data stored by us.

c)     deletion

According to Art. 17 GDPR, you have the right to request the immediate deletion of your data from us, provided that further processing is not necessary for one of the following reasons:

• the personal data are still necessary for the purposes for which they were collected or otherwise processed
• to exercise the right to freedom of expression and information
• to fulfill a legal obligation that requires processing under European Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller
• for reasons of public interest in the area of public health following Art. 9 (2) lit. h and I and Art. 9 (3) GDPR
• for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Art. 89 (1) GDPR, insofar as the law mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing
• to assert, exercise, or defend legal claims

d)    restriction of processing

 Following Art. 18 GDPR, you can request the restriction of the processing of your data for one of the following reasons:

• You contest the accuracy of your data.
• The processing is unlawful and you oppose the erasure of the personal data.
• We no longer need the personal data for processing, but you need them to assert, exercise, or defend legal claims.
• You object to the processing following Art. 21 (1) GDPR.

e)    briefing

 If you want the correction or deletion of your data or a restriction of processing according to Art. 16, Art. 17 Para. 1 and Art. 18 GDPR, we will inform all recipients to whom your data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

f)      transmission

 You have the right to receive the personal data that you have provided to us in a structured, common, and machine-readable format.

You also have the right to request the transmission of this data to a third party, provided that the processing was carried out using automated procedures and is based on consent following Article 6 Paragraph 1 Clause 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract according to Art. 6 Para. 1 S. 1 lit. b GDPR.

‍

g)     revocation

Following Art. 7 Para. 3 GDPR, you have the right to revoke the consent you have given us at any time. The revocation of the consent does not affect the legality of the processing carried out based on the consent up to the point of revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.

h)    complaint

According to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your data violates the GDPR.

i)      contradiction

 If your data is processed based on legitimate interests following Article 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your data following Article 21 GDPR, provided there are reasons for this, which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying the particular situation. If you would like to make use of your right of revocation or objection, an e-mail to privacy@bitsandpretzels.com is sufficient 

j)      Automated individual decision-making including profiling

 You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for entering into, or the performance of, a contract between you and us
2. is permitted based on legal regulations of the European Union or the member states to which we are subject and these legal regulations contain appropriate measures to protect your rights and freedoms as well as your legitimate interests
3. takes place with your express consent

However, these decisions must not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

Concerning the cases referred to in i) and iii), we take appropriate measures to protect your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision heard.

9)    Change to the privacy policy

If we change the data protection declaration, this will be indicated in the app.

Status: 09.06.2022

‍