Privacy Policy for the InnoHikes App
Preamble
This service (hereinafter referred to as “App“) is provided by
Verein EMN Europäische Metropolregion Nürnberg e. V.
Theresienstraße 9
D-90403 Nürnberg
Phone: +49 (0) 911 231 105 – 22
E-Mail: geschaeftsstelle@metropolregion.nuernberg.de
(hereinafter “we” or “us“) as the responsible party within the meaning of the applicable data protection law.
Within the framework of the app, we enable you to experience digital content in the real world via augmented reality.
When you use the app, we process personal data about you. Personal data means any information relating to an identified or identifiable natural person. Because protecting your privacy when using the app is important to us, we would like to inform you in the following which personal data we process when you use the app and how we handle this data. In addition, we inform you about the legal basis for the processing of your data and, insofar as the processing is necessary to protect our legitimate interests, also about our legitimate interests.
You can access this privacy policy at any time under the menu item “Privacy” within the app.
1. information on the processing of your data
Certain information is already processed automatically as soon as you use the app. We have listed exactly which personal data is processed for you below:
1.1 Information collected during the download
When you download the app, certain required information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store); in particular, the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective App Store and is beyond our control.
1.2 Information collected during use
As part of your use of the App, we automatically collect certain data that is required for the use of the App. This includes:
- Version of the operating system
- IP address
This data is automatically transmitted to us.
If you create a player profile and collect points or tickets during the course of the game this information will be collected:
- Player name
- Number of points
- Number of tickets
The app also requires the following permissions on your device:
- Internet access: This is required for general communication with the server, e.g. to download AR content (images, videos, etc.).
- Camera access: This is needed to place digital content in the real world via augmented reality. However, this access only takes place after release by the user.
The processing operations are necessary
- to make the service and the associated functions available to you;
- to prevent and eliminate misuse and malfunctions.
This data processing is justified by the fact that
- the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6(1)(b) DSGVO for the use of the App, or 1 lit. b) DSGVO zur Nutzung der App erforderlich ist, oder
- we have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a service that is in line with the market and interests, that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) DSGVO outweigh here. 1 lit. f) DSGVO überwiegt.
2. disclosure and transfer of data
In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.
2.1 If it is necessary to clarify an illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to the law enforcement authorities or other authorities and, if applicable, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behaviour. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities.
Any disclosure of personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) DSGVO in conjunction with national legal requirements to disclose data to law enforcement authorities, or
(2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behaviour or in order to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) DSGVO are not overridden.
2.2 We rely on subcontractors to provide our service, to whom we transfer data in the course of providing the service:
- Microsoft Ireland – Hosting, Data Storage, Microsoft Services.
A contract for commissioned processing in accordance with Art. 28 DSGVO has been concluded with these subcontractors.
2.4 As part of the development of our business, the structure of our company may change by changing its legal form, establishing, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information may be transferred along with the part of the business being transferred. Any transfer of personal information to third parties to the extent described above will be done in accordance with this Privacy Policy and applicable data protection law.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as required and that your rights and interests in the protection of your personal data within the meaning of Article 6 (1) (f) of the German Data Protection Regulation (DSGVO) do not outweigh this interest.
3. data transfers to third countries
We do not process any data outside the European Union or the states of the European Economic Area (“EEA“).
4. changes of purpose
Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.
5. period of data storage
We delete or anonymise your personal data as soon as they are no longer required for the purposes for which we collected or used them in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app. Even during the usage / contractual relationship, the pseudonymised usage data is stored for a maximum of 12 months. Exceptions to the deletion may be that data is needed longer for criminal prosecution or to secure, assert or enforce legal claims.
Specific statements in this data protection declaration or legal requirements for the storage and deletion of personal data, in particular data that we must retain for tax reasons, remain unaffected.
6 Your rights as a data subject
6.1 Right to information
You have the right to request information from us at any time about the personal data we process that concerns you within the scope of Art. 15 DSGVO. To do this, you can send a request by post or email to the address below.
6.2 Right to rectify inaccurate data
You have the right to request that we correct personal data relating to you without delay if it is incorrect. To do so, please contact us at the addresses below.
6.3 Right to erasure
You have the right, under the conditions described in Art. 17 DSGVO, to demand that we delete the personal data relating to you. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see section 5 of this data protection declaration. To exercise your right to erasure, please contact us at the addresses below.
6.4 Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 DSGVO. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify the accuracy, as well as in the event that the user requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact addresses below.
6.5 Right to data portability
You have the right to receive from us the personal data relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Article 20 DSGVO. To exercise your right to data portability, please contact us at the contact addresses below.
7. right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) DSGVO, in accordance with Article 21 DSGVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
8. right of complaint
If you are of the opinion that we violate German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. contact
If you have any questions or comments about our handling of your personal data, or if you wish to exercise the rights as a data subject mentioned in sections 6 and 7, please contact
Verein EMN Europäische Metropolregion Nürnberg e. V.
Theresienstraße 9
D-90403 Nürnberg
Phone: +49 (0) 911 231 105 – 22
E-Mail: geschaeftsstelle@metropolregion.nuernberg.de
For questions or comments on the practical handling and operation of the app or for support requests, please contact geschaeftsstelle@metropolregion.nuernberg.de.
10. changes to this data protection declaration
We always keep this data protection declaration up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing or use of your data. The current version of the data protection declaration is always available under “Data protection” within the app.
Status: 09.08.2022