Data protection
We undertake to comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and data minimization.
1) Name and address of the person responsible and the data protection office
a) The responsible person
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:
Startup Events GmbH
Rumfordstrasse 15
80469 Munich
Germany
Email: privacy@bitsandpretzels.com
b) The data protection officer
You can reach the data protection officer of the person responsible as follows:
SiDIT GmbH, Langgasse 20, 97261 Güntersleben, info@sidit.de
2) Explanations of terms
We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here [https://gdpr-info.eu/art-4-gdpr/].
3) Legal basis for the processing of personal data
a) Processing of personal data following GDPR
We only process your data such as your surname and first name, your e-mail address and IP address, etc. if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations, in particular, come into consideration here:
However, at the relevant points in this data protection declaration, we will always point out the legal basis on which the processing of your data takes place.
b) Processing of information according to § 25 Abs.1 TTDSG
We also process information following Section 25 (1) TTDSG by storing information on your terminal device or accessing information that is already stored on your terminal device. This can be both personal information and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers. Terminal equipment is any device connected directly or indirectly to the interface of a public telecommunications network for sending, processing, or receiving messages, Section 2 Paragraph 2 No. 6 TTDSG.
We usually process this information based on your consent, Section 25 (1) TTDSG.
As far as an exception according to § 25 Abs.2 Nr. 1 und Nr.2 TTDSG is given, we do not need our consent. Such an exception is where we are accessing or storing the information solely to transmit a message over a public telecommunications network or where it is strictly necessary for us to provide a Telemedia service that you have specifically requested. You can revoke your consent at any time.
We inform you that the revocation of consent does not affect the lawfulness of the processing carried out based on the consent up to the point of revocation
4) Passing on of the personal Data
The transfer of personal data is also a process within the meaning of the previous paragraph 3. However, at this point, we would like to inform you again separately about the topic of transfer to third parties. The protection of your data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.
It will therefore only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies who work for us as processors following Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us
Following the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.
5) Storage and Deletion
Your data will be deleted by us if they are no longer necessary for the purposes for which they were collected or otherwise processed, the processing is not necessary to exercise the right to freedom of expression and information, to fulfill legal obligation reasons of public interest or to assert, exercise or defend legal claims.
6) SSL encryption
Our app uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the app operator.
If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
7) Collection and storage of personal data and their type and purpose of use
a) Downloading the App
When downloading the mobile app, the required information is transferred to the App Store or Play Store, i.e. in particular the user name, e-mail address and customer number of your account, the time of the download, payment information, and the individual device code. We do not influence this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.
b) Use of the App
When using the mobile app, we collect the personal data described below to enable convenient use of the functions. If you want to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data to draw conclusions about your person.
c) Registration
As part of the registration, we collect and process your first and last name as well as your e-mail address and a password of your choice. You can also enter your LinkedIn profile URL.
We collect this data for legitimate interests for further identification and the provision of our services following Article 6 ( 1 ) sentence 1 lit. b) and f) GDPR.
This data is stored in our backend.
d) Use of the chat function
You have the option of allowing the "Chat" function in the app. By activating the chat function during registration, you have the option of starting a chat with other users and exchanging ideas within this framework. Other users also have the option of contacting you via the chat function if you have activated the "Chat" function.
When using the chat function, the following inventory data is processed:
· First and Last Name
When exchanging messages, only the following information is passed on to the respectively addressed user or user group:
We encrypt all messages with a highly secure end-to-end encryption process. Encrypted messages and media (images, videos, files, etc.) are completely deleted from the servers after successful delivery. If the messages and media are not or not fully retrieved, they will be automatically and irretrievably deleted from the server after two weeks.
The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.
e) favorite function
In the app, you have the option of adding a user as a favorite and being added as a favorite yourself. The favorite user is not informed about this.
This favorites function is used to conveniently find other users. The data processing is therefore based on our legitimate interest according to Article 6 Paragraph 1 Clause 1 Letter f GDPR.
f) contact scanning
As part of the app, you have the option of scanning the QR code of another user and thus saving their contact in the app. You can also make your QR code available to another user to scan. For this, you must allow the app access to your camera. This function is used to network users with each other.
The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.
g) meeting requests
If you activate the " Allow meeting requests " function during registration, you have the option in the app to contact other users and send a meeting request with the date and time. Other users also have the option of sending you such meeting requests if you have allowed this function.
As part of the meeting request, your first and last name, the date and time of the meeting, and your message will be transmitted.
The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.
h) votes
You have the option of taking part in a voting as part of the app. The following personal data is processed as part of the voting:
· First and Last Name
The legal basis for processing this data is Article 6 Paragraph 1 Sentence 1 lit. b) and f) GDPR for the provision of our services and our legitimate interest.
i) push notifications
Under the menu item "More - Settings" you can confirm whether you would like to receive news via push notifications, even if you are not actively using our app or the device is idle.
You can switch this function on or off at any time later on the mobile device under "More - Settings". The push notifications are delivered using servers provided by the manufacturers of the operating systems. The mobile devices must therefore be registered with these servers, which requires the transmission of a UUID (iOS) or the device ID (Android) assigned to the device.
The legal basis here results from Article 6 Paragraph 1 Clause 1 Letter b) GDPR for the provision of our services based on the inquiry you have made, as well as from our legitimate interest, Article 6 Paragraph 1 Clause 1 Letter f ) GDPR.
j) Contact Form/Help
We provide you with a form in our app so that you can contact us at any time. When you use the contact form, your device designation, the operating system you are using, the sending date and time, and your e-mail address, if you have given it, will be sent to us so that we know who sent the request and can also process it.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there and your IP address, will be processed following Article 6 Paragraph 1 S. 1 lit. b and f GDPR to carry out pre-contractual measures that take place at your request or to safeguard our legitimate interest, namely to carry out our business activities.
The inquiries and the associated data will be deleted no later than 3 months after receipt, provided they are not required for a further contractual relationship.
k) Newsletter
Content of the newsletter and registration data
We will only send you a newsletter if you order it from us and give your consent following Art. 6 para. S. 1 lit. a GDPR has been granted. The contents of the newsletter are specifically described when registering for the newsletter. To register for the newsletter, it is sufficient to provide your e-mail address. If you provide further voluntary information such as your name and/or your gender, this will only be used to personalize the newsletter addressed to you.
Double opt-in and logging
For security reasons, we use the so-called double opt-in procedure to register for our newsletter so that nobody can register with someone else's e-mail address. Therefore, after registering for our newsletter, you will first receive an e-mail asking you to confirm your registration. This only becomes effective once the registration has been confirmed.
Furthermore, your registration for the newsletter will be logged. The logging includes the storage of the registration and confirmation time, your specified data, and your IP address. If you make changes to your data, these changes will also be logged.
Revocation
If you no longer wish to receive our newsletter, you can revoke your consent at any time in the future. You can do this by clicking on the unsubscribe link at the end of each newsletter or by sending us an email to the following email address: privacy@bitsandpretzels.com
The revocation of the consent does not affect the legality of the processing carried out based on the consent up to the point of revocation.
8) rights of the data subject
You have the following rights:
a) information
Following Art. 15 GDPR, you have the right to request information about your data processed by us. This right to information includes information about
b) correction
According to Art. 16 GDPR, you have the right to immediate correction of incorrect or incomplete personal data stored by us.
c) deletion
According to Art. 17 GDPR, you have the right to request the immediate deletion of your data from us, provided that further processing is not necessary for one of the following reasons:
d) restriction of processing
Following Art. 18 GDPR, you can request the restriction of the processing of your data for one of the following reasons:
e) briefing
If you want the correction or deletion of your data or a restriction of processing according to Art. 16, Art. 17 Para. 1 and Art. 18 GDPR, we will inform all recipients to whom your data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.
f) transmission
You have the right to receive the personal data that you have provided to us in a structured, common, and machine-readable format.
You also have the right to request the transmission of this data to a third party, provided that the processing was carried out using automated procedures and is based on consent following Article 6 Paragraph 1 Clause 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract according to Art. 6 Para. 1 S. 1 lit. b GDPR.
g) revocation
Following Art. 7 Para. 3 GDPR, you have the right to revoke the consent you have given us at any time. The revocation of the consent does not affect the legality of the processing carried out based on the consent up to the point of revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.
h) complaint
According to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your data violates the GDPR.
i) contradiction
If your data is processed based on legitimate interests following Article 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your data following Article 21 GDPR, provided there are reasons for this, which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying the particular situation. If you would like to make use of your right of revocation or objection, an e-mail to privacy@bitsandpretzels.com is sufficient
j) Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
However, these decisions must not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
Concerning the cases referred to in i) and iii), we take appropriate measures to protect your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision heard.
9) Change to the privacy policy
If we change the data protection declaration, this will be indicated in the app.
Status: 09.06.2022
Startup Events GmbH
Rumfordstraße 15
80469 Munich
Germany
hello@bitsandpretzels.com
.png)