1. scope of application of the privacy policy
The responsible party operates an app with which the user can scan cosmetic products. This tells the user which ingredients they contain. The app also provides information on the functions of the products and ingredients and whether there are any risks for certain user groups when using them (allergies, redness, etc.)
This privacy policy applies to our apps for mobile operating systems and devices (hereinafter referred to as “app”). It explains the type, purpose and scope of data collection when using the app.
Please note that when downloading our app via an app store, you must register or identify yourself with the respective app store operator (e.g. via a Google or Apple ID). The data protection guidelines and terms of use of the app store operators apply, which may differ from the data protection laws of the European Union. We have no influence on these data protection guidelines.
We reserve the right to amend these data protection provisions at any time in compliance with legal requirements.
2. responsible body
The controller for the data processing described in this privacy policy is
health&media GmbH
Dolivostraße 9
64293 Darmstadt
E-mail address: info@health-media.de
Telephone number: 06151 66796-0
3. data protection officer
You can reach our data protection officer using the following contact details:
Emanuel Bechtold
Dolivostr. 9
64293 Darmstadt
E-mail address: emanuel.bechtold@health-media.de
Telephone number: 06151 667-9615
4. type, scope, purpose and legal basis of data processing
Purpose and legal basis of data processing
Unless more specific provisions are made in this privacy policy, we process your personal data in the context of app use in order to provide the functionalities of the app, to ensure the security of the app or – if necessary and legally permitted – to contact you. The legal basis is Art. 6 para. 1 lit. b GDPR (fulfilment of contract) and our legitimate interest in providing a functional app (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. for device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Details can be found in the following explanations.
Processed data categories
If you use this app, the following personal data will be processed by you:
- IP addresses
- Metadata
- Device identifiers / device IDs
- UDID (Unique Device Identifier) for iOS apps
- UUID (Universally Unique Identifier)
- Usage data
This data is collected to fulfil the user contract between us and the app users (Art. 6 para. 1 sentence 1 lit. b GDPR). With regard to voluntary information, data processing is also carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in the collection of data voluntarily provided by our users. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. for device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Access rights of the app
To provide our services, the app requests the access rights listed below, which allow us to access certain functions of your device.
- Camera. Access is for the following purpose: Scan barcode and use OCR reader
The access authorisations granted are used exclusively to provide the associated app functionalities.
The data may be processed by the providers of the app stores.
The legal basis for access is your consent, which you gave during installation (Art. 6 para. 1 lit. a GDPR). You can change the app’s access authorisations at any time. In this case, however, the app or certain app functions may no longer work properly.
Contact us
If you contact us (e.g. via the contact form, by email, telephone, fax or other channel), your enquiry, including all resulting personal data (e.g. name, enquiry), will be stored and processed by us for the purpose of processing your request. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us. The data you send to us via a contact request will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Push notifications
Google Firebase
Analysis and tracking
When you access our app, your behaviour can be statistically evaluated with the help of certain analysis tools and analysed for advertising purposes or to improve our offers. When using such tools, we ensure compliance with the statutory data protection regulations. When using external service providers (contract data processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
We use the following tools to analyse user behaviour: Google Firebase Analytics
Encryption
This app uses encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us via the app. This encryption prevents the data you transmit from being read by unauthorised third parties.
Hosting
The app itself is hosted by the provider of the app store from which you downloaded the app. The user data recorded in the app is stored by our hoster. Our hoster is:
ALL-INKL.COM – Neue Medien Münnich
Inh. René Münnich
Hauptstraße 68
02742 Friedersdorf
We have concluded an order processing contract with our hoster, which ensures that the hoster processes the data on the basis of our instructions and in compliance with the GDPR.
5. storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. A discontinuation of the purpose regularly occurs when you log out of the app.
If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.
6. automated decision-making
No automated decision-making takes place.
7. your rights
You are entitled to the following data protection rights within the framework of the GDPR:
Right to information (Art. 15 GDPR): You have the right to request information about your personal data stored by us.
Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purpose of processing, you also have the right to request the completion of incomplete personal data.
Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of personal data concerning you.
Right to data portability (Art. 20 GDPR): You have the right to have personal data that we process automatically, on the basis of your consent or in fulfilment of a contract, handed over to you or to another controller in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right to withdraw your consent (Art. 7 para. 3 GDPR): If you have given your consent to the processing of your data, you have the right to withdraw this consent at any time with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): If you are of the opinion that we are not complying with data protection regulations when processing your personal data, you have the right to lodge a complaint with a data protection authority.
In cases where data processing is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR, you have the right to object to data processing for reasons arising from your particular situation (right to object pursuant to Art. 21 GDPR).
This translation is based on the original German text.