Privacy Policy
1. Scope of the Privacy Policy
This privacy policy applies to the app for mobile operating systems and devices mentioned in the heading (hereinafter referred to as "App"). This policy explains the type, purpose, and scope of data collection during App usage.
Please note that when downloading our App from an App Store, you must register or identify yourself with the respective App Store operator (e.g., via a Google or Apple ID). During the download, various personal data, such as your email address, username, your App Store account number, your unique device identifier, the time of download, and, if applicable, payment information, may be processed by the App Store operator. The privacy policies and terms of use of the App Store operators apply in this context and may differ from the data protection laws of the European Union. We have no control over these terms.
We reserve the right to amend this privacy policy at any time in accordance with legal requirements.
2. Responsible body
The responsible body for the data processing described in this privacy policy is:
Maisonpure GmbH
Bismarckstrasse 55
41747 Viersen
Email address: ep@maisonpure.de
Telephone number: +49 (0) 2162 890 655 4
3. Purpose and Legal Basis of Data Processing
Unless otherwise specified in this Privacy Policy, we process your personal data in connection with your use of the app to provide its functionalities, ensure its security, or—where necessary and legally permissible—to contact you. The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract) and our legitimate interest in providing a functional app (Article 6(1)(f) GDPR). If your consent has been requested, processing is based solely on Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications Data Protection Act (TDDDG); you may withdraw your consent at any time. Please see the following sections for further details.
4. Data categories processed
When you use this app, the following personal data about you will be processed:
Personal information:
• First and Last Name
• Username
• Profile picture
• Address
• E-mail address
• Telephone and mobile phone number
Contract details:
• Billing and contract data
• Payment details
Communication data:
• Chat histories
• Inquiries via email or contact form
Data generated within the app:
• Location data
• Photos, videos
• Uploads
• Weather data
• Usage data
• User input within the app (e.g. notes)
Technical information:
• IP addresses
• Metadata
• Device identifiers and device IDs
• Device number and device type
• Device type
• Operating system of the terminal device
• Device-specific app settings
• Date and time of app accesses
• Data volumes transferred
• Time zone
This data is processed for the purpose of fulfilling the user agreement between us and the app users (Art. 6 para. 1 sentence 1 lit. b GDPR). With regard to voluntary information, data processing is additionally based on Art. 6 para. 1 sentence 1 lit. f GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent can be withdrawn at any time.
5. Registration
You can register in the app. We use the data you enter for the purpose of providing the specific offer or service for which you registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration. For important changes, such as changes to the scope of services or technically necessary modifications, we will use the contact information you provided during registration (e.g., email address) to inform you. The data entered during registration is processed for the purpose of fulfilling the user agreement established by the registration and, if applicable, for initiating further contracts (Art. 6 para. 1 lit. b GDPR). The data collected during registration will be stored by us for as long as you are registered on this app and will then be deleted. Statutory retention periods remain unaffected.
6. App access rights
To provide our services, the app requests the access rights listed below, which allow us to access certain functions of your device.
• Location data. Access is granted for the following purpose: weather data.
• Photos, videos. Access is granted for the following purpose: ticket location.
• Calendar. Access is for the following purpose: scheduling tickets.
• Camera. Access is granted for the following purpose: to illustrate the user's notes.
• Microphone. Access is granted for the following purpose: voice recordings for sending voice messages within the tickets.
• Speech recognition. Access is granted for the following purpose: internationalization of the app.
The granted access permissions will be used exclusively to provide the associated app functionalities. The data may be processed by the app store providers.
The legal basis for access is, firstly, Article 6(1)(b) GDPR (contract) and, secondly, your consent, which you gave during installation (Article 6(1)(a) GDPR). You can change the app's access permissions at any time and thereby withdraw your consent. In this case, however, the app or certain app functions may no longer work correctly.
7. Making contact
When you contact us (e.g., via contact form, email, telephone, fax, or any other channel), your inquiry, including all resulting personal data (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. This data is processed on the basis of Article 6(1)(b) GDPR if your inquiry relates to the performance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, processing is based on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the efficient handling of inquiries addressed to us. The data you send us via contact request will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, statutory retention periods – remain unaffected.
8. Interaction with other app users
Chat functions
The app allows communication with other users. Data processing is carried out to enable communication between users. When you use the chat function, the message content, including all resulting personal data (e.g., name), is stored and processed by us. This data processing is based on Article 6(1)(b) GDPR if your request is related to the fulfillment of a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on your consent (Article 6(1)(a) GDPR) and/or on our legitimate interests (Article 6(1)(f) GDPR).
Reporting inappropriate content
App users can report inappropriate content to us if they believe it violates our guidelines, general laws, or accepted ethical standards. Such reports are transmitted exclusively to us and reviewed by us. We will review each report and, if necessary, remove the reported content. Data processing is based on Article 6(1)(f) GDPR, as it is in our legitimate interest to respond to inappropriate content or behavior. Unfounded reports will be deleted immediately after review. Founded reports will be deleted once the purpose for which they were collected has been fulfilled.
9. Push-Benachrichtigungen
Diese App nutzt Google Firebase Cloud Messaging für den Versand von Push-Benachrichtigungen. Wenn Sie Push-Benachrichtigungen in unserer App aktivieren, wird Ihre IP-Adresse und Ihre Geräte-ID sowie die ggf. ausgewählten Themen an den AppStore-Betreiber übermittelt. Wenn Sie ein Android-Endgerät nutzen, erhalten Sie an-schließend Push-Benachrichtigungen über den bei Android integrierten Push-Dienst „Firebase Cloud Messaging“. Wenn Sie ein iOS-Endgerät nutzen, wird der Push-Auftrag an die Server von Apple weitergeleitet, die Ihnen Push-Benachrichtigungen über den Dienst „Apple Push Notification Services“ zukommen lassen. Rechtsgrundlage für die Datenverarbeitung und die Datenweitergabe ist Art. 6 Abs. 1 lit. b DSGVO (Vertragserfüllung).
10. Analysis and Tracking
When you access our app, your behavior may be statistically analyzed using certain analytics tools and evaluated for advertising purposes or to improve our services. We ensure compliance with legal data protection regulations when using such tools. When using external service providers, we ensure through appropriate contracts with them that data processing complies with German and European data protection standards.
We use the following tools to analyze user behavior:
Firebase Analytics: We use the external analytics service Firebase Analytics to optimally tailor our app to user interests. The provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Firebase Analytics allows us to analyze how our users interact with our app (e.g., average app usage, average sessions per user, button clicks, recognition of usage preferences) in order to track and understand user behavior across devices and thus optimize and improve the app's functionality accordingly. Furthermore, Firebase Analytics helps us identify and fix errors in the app's programming and prevent fraudulent activity within the app. For fraud prevention and statistical analysis purposes, Google processes device information such as the advertising ID (Apple's IDFA and Google's GAID) and the IP address of the device used, and provides us with anonymous statistics about interactions with our app. Details regarding Firebase's privacy policy can be found here: https://firebase.google.com/support/privacy. The legal basis for processing is Article 6(1)(f) GDPR. We have a legitimate interest in fraud prevention, IT security, the dynamic delivery of content, and the optimization of our app. If consent has been requested, the use of this service is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time. Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Firebase Crashlytics: This app uses Firebase Crashlytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Firebase Crashlytics is used to analyze malfunctions in mobile apps. In the event of malfunctions (e.g., crashes), reports about the malfunction are transmitted to Google in the USA. These reports may also contain personal data (e.g., IP addresses). Details on Firebase's privacy policy can be found here: https://firebase.google.com/support/privacy. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a stable app. If consent has been requested, the use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
11. Recipients of personal data
Your personal data will be transmitted to the following recipients:
1) Hoster Maisonpure GmbH: The app itself is hosted by the provider of the AppStore from which you downloaded the app. The user data recorded in the APP (e.g. uploads) is stored by our host. There is a contract for order processing with the hoster.
2) Google Cloud
We use Google Cloud. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Cloud, Google offers us a comprehensive platform for cloud computing services. The use of Google Cloud is based on our legitimate interest in providing our website as error-free and securely as possible (Art. 6 Para. 1 lit. f GDPR).
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://cloud.google.com/terms/eu-model-contract-clause
Further information about Google Cloud can be found here: https://cloud.google.com/cdn/docs/overview?hl=de
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780
Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.…
12. Data Transfer to Third Countries
We use tools from companies based in the USA or other third countries that do not offer adequate data protection. When these tools are active, your personal data may be transferred to and processed in these third countries. Please note that a level of data protection comparable to that of the EU cannot be guaranteed in these countries. For example, US companies are obligated to disclose personal data to security authorities without you, as the data subject, having any legal recourse. Therefore, it cannot be ruled out that US authorities (e.g., intelligence agencies) may process, analyze, and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.
13. Encryption
This app uses encryption for security reasons and to protect the transmission of confidential content. This encryption prevents the data you transmit from being read by unauthorized third parties.
12. Data Transfer to Third Countries
We use tools from companies based in the USA or other third countries that do not offer adequate data protection. When these tools are active, your personal data may be transferred to and processed in these third countries. Please note that a level of data protection comparable to that of the EU cannot be guaranteed in these countries. For example, US companies are obliged to disclose personal data to security authorities without you, as the data subject, having any legal recourse. Therefore, it cannot be ruled out that US authorities (e.g., intelligence agencies) may process, analyze, and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.
15. Automated decision making
There is no automated decision making.
16. Your rights
Under the GDPR, you have the following data protection rights:
Right to information (Art. 15 GDPR): You have the right to request information about your personal data stored by us.
Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.
Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.
Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) and the processing is carried out by automated means. Where technically feasible, you also have the right to have the personal data transmitted directly from us to another controller.
Right to withdraw your consent (Art. 7 para. 3 GDPR): If you have given your consent to the processing of your data, you have the right to withdraw it at any time with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): If you believe that we are not complying with data protection regulations when processing your personal data, you have the right to lodge a complaint with a data protection authority.
In cases where data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR, you have the right to object to the data processing on grounds relating to your particular situation (right to object pursuant to Art. 21 GDPR).