The following data protection declaration applies to the use of the CLAIMD app.The protection of your personal data (hereinafter referred to as “data”) is a major and very important concern for us. In the following, we would like to inform you in detail about the processing of your data when using the app.
I. Name and contact details of the person responsible
The person responsible within the meaning of the data protection regulations for the processing of personal data is:
Impact Bakery GmbHRiegeler Str. 279111 Freiburg, Germany Phone: +49 761 88787501 Email: firstname.lastname@example.org Website: www.claimd.app
II. Purpose of processing personal data, legal basis and storage period
In the following we inform you about the processing of your data by using the app. As far as we are responsible for the processing of your data, we will inform you below about the data processing operations that take place when using the app (a), their purpose (b), legal basis (c) as well as about the respective storage period and, if applicable, specific options for objection and removal ( d).
1. RegistrationThe app is available from sales platforms operated by third parties, so-called app stores (Google Play and Apple iTunes). Your download may require prior registration with the respective app store and the installation of the app store software. We have no influence on the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and the app store software. In this respect, the responsible body is solely the operator of the respective app store. If necessary, please contact the respective app store provider directly.
2. Setup data and username
a) After the installation, the app needs the following setup data: "Username", "Password" and "Activation code".
b) These setup data are required for the app to function. Your user name is used to uniquely identify you. You also need this user ID to log into the app.
c)These setup data are required for using the app and are processed on the basis of Art. 6 Para. 1 lit. f GDPR, unless a different legal basis is given. We have a legitimate interest in this setup data for the technically error-free and provision of the app.d) These setup data are deleted when the app is uninstalled. The username with deletion of your account on our platform Claimd
a) Your personal password, which you assigned yourself to participate in our online marketplace "CLAIMD", is also required to log into the app. If you change your password, the new password also applies to the app.If your smartphone technically supports biometric registration, a technical password is generated by the app for identification and stored by us.When using the fingerprint sensor to log in, a native function of your smartphone is accessed. Only the successful or unsuccessful result of the fingerprint verification is transmitted to the app.
b) We save your password to prevent unauthorized access to your account in our online marketplace.
c) The password is required to use the app and is based on Art. 6 Para. 1 lit. f GDPR, unless a different legal basis is given. Our legitimate interest lies in preventing unauthorized access to your account by using the app.
d) Your personal password will be deleted when you log out of the CLAIMD platform.The technical password that is created when you use the biometric login is deleted after the app account is closed.
4. Data collection as a result of device registration
a) After the app has been installed, it is permanently linked to your device (device registration). In the course of this device registration, we collect and store the following data: • User ID • Model of the bound device (for example Samsung Galaxy S9) • Serial number of the bound device • OS type (for example ANDROID_x86) • OS version (for example 9.0 .0) • Last login process (for example 08/01/2016 10:47 AM) • Installed version of the app (for example 2.0)
b) We collect the data to protect the confidentiality of your data.
c) The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR. The aforementioned purpose also has a legitimate interest in processing the data.
d) The data will be deleted if you cancel the connection with your end device via the device management, uninstall the app or close your app account with us.
5. Required Permissions
a)In the settings of your smartphone, you can allow the app to access numerous functions and personal data that are stored on the device.You will be asked once at the beginning or when you use the respective function to grant the appropriate access authorization. These are in detail:
Network access & network connections Network access is required as the app can only be used in online mode.
Camera In order to send us a document, access to your system-side camera is required.
As part of the device registration, security messages are encrypted and stored locally so that the cause can be investigated in the event of an unjustified security message. This file is only requested when required and is not sent automatically. Your photo memory is also accessed if you want to send us a photo file that has already been saved.For our security check, we need access to the device status.
b) The data mentioned will be processed by us for the following purposes:Allow In order for the app to function properly, it is necessary that you grant access to certain smartphone functions and personal data that are stored on the device.Ensuring proper functioning of the appEvaluation of system security and stability as well as for further administrative purposes.
c) The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data processing purposes listed above. If consent for authorization has been requested, processing takes place exclusively on the basis of this consent (Art. 6 Paragraph 1 lit. a GDPR); the consent can be revoked at any time.
d) The above data will be saved until the app is uninstalled.
You can always see in the app in the area "Settings> Security> System permissions" which permissions you have already granted and revoke them. In order for the app to function properly, however, it is necessary that you grant access to certain smartphone functions and personal data stored on the device.
6. Data collection when using push notifications
a) You can receive notification of new messages in your mailbox. To do this, after downloading the app, your smartphone registers with the respective push service (Apple Push Notification or Google Cloud Messaging). The service then sends a token to your device. The token is sent to us by the app and stored there in a database. If a notification is to be sent, we send the message with the token to the push service, which forwards it to your device.
b) The storage of the token in our database is used to send you push messages.
c) The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR insofar as you want to use the push service function; the consent can be revoked at any time.
d) As soon as you switch off the push notifications in the settings, the token will be deleted by us in the database.
7. Analysis to ensure freedom from errors and needs-oriented further development
a) To ensure that the app is free of errors, we use crash reporting and an analysis tool. The crash reporting ensures that when an error occurs, it can be traced back at which point it happened so that the cause can be determined. The analysis tool provides valuable information to further develop the app as required. You can change your approval or rejection of the analysis to ensure that it is free of errors and needs-based further development under "App Analysis" in the settings.The following data is collected:Client IP (abbreviated)End device ID for device binding and crash reportingEnd device ID for recording user sessions (each time the app is started, a randomly generated number that does not allow the device and person to be assigned)Track ID (account number from us with our service provider)App versionoperating systemScreen resolutionMobile deviceDate and Timecalled content and functions
b) The transmission of the analysis data is necessary to improve the functionality of the app.
c) We have a legitimate interest in processing the analysis data for the technically error-free and optimized provision of the app. If consent to the transmission of analysis data has been requested, processing takes place exclusively on the basis of this consent (Art. 6 Paragraph 1 lit. a GDPR); the consent can be revoked at any time.
d) If you delete your account or revoke your consent, the analysis data will also be deleted.
8. Analysis of cross-platform usage behavior
a) In addition, information is collected for analysis purposes using the following data:Visitor IDEnd device ID for recording user sessions (randomly generated number that is stored permanently compared to the end device ID, but which also does not allow the device and person to be assigned) With these two IDs we can evaluate how the password-protected offers in the app and on the “CLAIMD” platform are used in addition to one another.The visitor ID is generated from the ID of your "CLAIMD" account. It is alienated. As a result, the visitor ID can no longer be traced back to you personally. Your personal usage behavior remains virtually anonymous. You can change your consent or rejection of the analysis of usage behavior under "App analysis" in the settings.
b) We use this analysis to analyze the use of our platform and the app and to improve them regularly. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.
c)The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. f GDPR. The aforementioned purpose also has a legitimate interest in processing the data.
d) The analysis data of the usage behavior are stored for evaluation purposes for 36 months.You can change your consent or rejection of the analysis of usage behavior under "App analysis" in the settings.
III. Cooperation with contract processors and third parties
In some cases, we use external service providers (processors) to process your data. These have been carefully selected and commissioned by us, are bound by instructions and are checked regularly. These are external service providers who provide us with technical support (web hosts, programmers). This is done on the basis of order processing contracts in accordance with Art. 28 GDPR.
Incidentally, we only pass on your data to third parties if:According to Art. 6 Para. 1 S. 1 lit. a GDPR have given express consent to this,the transfer according to Art. 6 Para. 1 S. 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,for the transfer according to Art. 6 Para. 1 S. 1 lit. c GDPR there is a legal obligation, or this is legally permissible and according to Art. 6 Para. 1 S. 1 lit. b GDPR is necessary for the fulfillment of contractual relationships with you.Service providers in a third country are only commissioned if the special requirements of Art. 44 ff. GDPR are met.to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your habitual residence or place of work or the place of the alleged violation.
IV. Right to Object
If your personal data is based on legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR are processed, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your particular situation; this also applies to profiling based on these provisions. We will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.You can of course object to the processing of your personal data for advertising and data analysis purposes at any time. This also applies to profiling insofar as it is related to such direct advertising.
V. Right to withdraw consent under data protection law
According to Art. 7 Para. 3 GDPR, you have the right to revoke your once given consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future. This does not affect the legality of the processing carried out on the basis of the consent until the revocation.
VI. Current status and changes to this data protection declaration
This data protection declaration is dated November 2020.Due to the further development of our app and offers about it or due to changed legal or official requirements, it may be necessary to change this data protection declaration. You can call up and print out the current data protection declaration at any time on the website at link.