PRIVACY POLICY
1) Information about the collection of personal data and contact details of the data controller
1.1 We are pleased that you are using our application (hereinafter “App”). In the following, we inform you about the handling of your personal data when using our app. Personal data are all data with which you can be personally identified.
1.2 The data controller for data processing with regard to this app within the meaning of the General Data Protection Regulation (GDPR) is PAJ UG (limited liability), Am Wieschen 1, 51570 Windeck, Germany, Tel .: +49 (0) 2292 39 499 59, Email: info@paj-gps.de. The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 The data controller has appointed a data protection officer who can be reached as follows: “Johannes Schmitz, Am Wieschen 1, 51570 Windeck, +49 (0) 2292 3949959, j.schmitz@paj-gps.de“
1.4 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this app uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.
2) Log files when using our mobile app
When you download our mobile app via an app store, the necessary information is transmitted to the app store, in particular your username, email address, and customer number of your account, time of download, payment information, and the individual device identifier. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.
When using our mobile app, we collect the personal data described below to enable comfortable use of the function. If you want to use our mobile app, we collect the following data, which is technically necessary for us to provide you with the functions of our mobile app and to ensure stability and security:
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request
- Access status/HTTP status code
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Used browser
- Language and version of the browser software
- Operating system used and its interface
- Used IP address (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our app. There is no further disclosure or other use of the data. However, we reserve the right to check the aforementioned log files subsequently if there are concrete indications of illegal use.
Furthermore, we need your unique device number (IMEI = International Mobile Equipment Identity), unique subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), possibly MAC address for WLAN use, and the name of your mobile device.
3) Cookies
To make our app attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after you close the app (so-called session cookies). Other cookies remain on your device and enable us to recognize you again (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
Some of the cookies are used to simplify the operation of the app by storing settings. If personal data are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent given, or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the app and a customer-friendly and effective design of the app use.
You can configure the settings of your mobile operating system and the app according to your preferences and, for example, refuse the acceptance of third-party cookies or all cookies. However, we would like to point out that in this case you may not be able to use all functions of our mobile app.
4) Collection of location data
With consent
Our offer includes so-called location-based services, with which we offer you special offers tailored to your respective location. You can only use this function after you have agreed to a pop-up that we can collect your location data via GPS and your IP address in anonymized form for the purpose of providing the service. You can allow or revoke the function in the settings of the app or your mobile operating system at any time. Your location is only transmitted to us if you use the app functions that we can only offer you if we know your location.
5) Contact
In the context of contacting us (e.g. via contact form or email), personal data is collected. The data collected when using a contact form can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case when it can be inferred from the circumstances that the matter concerned has been finally clarified and provided that there are no legal obligations to retain data.
6) Data processing when opening a customer account
In accordance with Art. 6 Para. 1 lit. b GDPR, personal data continues to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected can be seen from the respective input forms. You can delete your customer account at any time and it can be done by sending a message to the above address of the controller. We store and use the data you provide to us for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, about which we will inform you below accordingly.
7) Data processing for contract processing
7.1 Use of special service providers for contract processing and handling
– Tricoma
For order processing, we use the following provider: tricoma AG, Am Mühlbach 1, 97475 Zeil am Main, Germany
Name, address, and possibly further personal data are transferred to the provider solely for the purpose of processing the online order in accordance with Art. 6 Para.
7.2 – Amazon Pay
When selecting the payment method “Amazon Pay,” the payment processing is carried out by the payment service provider Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: “Amazon Payments”), to whom we disclose your information provided during the ordering process along with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. The disclosure of your data is made solely for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent necessary for this purpose. If cookies, small text files that are stored on the end device, are set when using Amazon Pay, this is done exclusively based on your express consent in accordance with Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time via the “cookie consent tool” implemented on the website. Further information on the data protection regulations of Amazon Payments can be found at the following internet address: https://pay.amazon.com/de/help/201751600
– Apple Pay
If you choose the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is done through the “Apple Pay” function of your iOS, watchOS, or macOS operated device by charging a payment card stored with “Apple Pay.” Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, entering a code previously set by you and verifying it using the “Face ID” or “Touch ID” function of your device is required.
For the purpose of payment processing, your information provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay for payment processing. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Apple retains anonymized transaction data, including the approximate purchase amount, date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel to the Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and disable “Allow payments on Mac.”
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
– Google Pay
If you choose the payment method “Google Pay” from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment processing is done through the “Google Pay” application of your mobile device running at least Android 4.4 (“KitKat”) and equipped with NFC functionality by charging a payment card stored in Google Pay or a verified payment system (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, unlocking your mobile device beforehand through the established verification measure (such as facial recognition, password, fingerprint, or pattern) is required.
For the purpose of payment processing, your information provided during the ordering process, along with information about your order, is transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website to verify a completed payment. This transaction number contains no information about the real payment data of your payment methods stored in Google Pay but is created and transmitted as a uniquely valid numerical token. Google acts only as an intermediary for processing the payment process in all transactions via Google Pay. The transaction is carried out exclusively between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and any associated offer.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR based on the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service. Google also reserves the right to merge the processed transaction data with further information collected and stored by Google when using other Google services.
The terms of use of Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
– Paypal
On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
When selecting a payment method from the provider where you make a prepayment, your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to them in accordance with Art. 6 para. 1 lit. b GDPR. The disclosure of your data is made solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
When selecting a payment method where we make a prepayment, you will also be prompted during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, possibly data on an alternative payment method).
In such cases, to maintain our legitimate interest in determining your creditworthiness, this data will be forwarded to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. The provider checks based on the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experiences) whether the payment option selected by you can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). To the extent that score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, are included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may continue to be entitled to process your personal data if this is necessary for the contractual payment processing.
– Stripe
If you choose a payment method from the payment service provider Stripe, the payment processing is carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. The disclosure of your data is made solely for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on the data protection of Stripe can be found at the URL https://stripe.com/de/privacy#translation.
8) Registration in the App
You can register in our app by providing personal data. The specific personal data processed for registration is determined by the input mask used for registration. We use the double opt-in procedure for registration, meaning your registration is only completed once you have confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received within 24 hours, your registration will be automatically deleted from our database. Providing the aforementioned data is mandatory. All other information can be provided voluntarily by using our portal.
When you use our app, we store the data required for the performance of the contract, including any payment method details, until you finally delete your access. Additionally, we store any voluntarily provided data for the duration of your use of the portal unless you delete it beforehand. You can manage and modify all information in the protected customer area. The legal basis is Art. 6 para. 1 lit. f GDPR. Furthermore, we store all content posted by you (such as public posts, pinboard entries, guestbook entries, etc.) to operate the app. We have a legitimate interest in providing the app with complete user-generated content. The legal basis for this is Art. 6 para. 1 lit. f GDPR. When you delete your account, your statements published in the forum, in particular, remain visible to all readers, but your account is no longer accessible. All other data will be deleted in this case.
9) Comment Function
As part of the comment function in our app, in addition to your comment, information about the time of comment creation and the commentator name chosen by you is stored and published in this app. Furthermore, your IP address is logged and stored. This storage of the IP address is for security reasons and in the event that the affected person violates the rights of third parties or posts unlawful content through a submitted comment. We require your email address to contact you in case a third party objects to your published content as unlawful. The legal bases for storing your data are Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.
Subsequent comments can be subscribed to by you as a user. You will receive a confirmation email for this purpose, ensuring that you are the owner of the provided email address (double opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Art. 6 para. 1 lit. a GDPR. You can unsubscribe from ongoing comment subscriptions at any time with effect for the future; further information on how to unsubscribe can be found in the confirmation email.
10) Use of Your Data for Direct Marketing
Subscription to Our Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The mandatory information for sending the newsletter is solely your email address. Providing further data is voluntary and is used to address you personally. For sending the newsletter, we use the double opt-in procedure. This means that we will only send you an email newsletter if you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation email, asking you to confirm that you wish to receive the newsletter by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we store your IP address, as well as the date and time of registration, entered by the internet service provider (ISP), in order to trace any potential misuse of your email address at a later time. The data collected by us during the registration for the newsletter is used exclusively for the purpose of sending the newsletter. You can unsubscribe from the newsletter at any time using the unsubscribe link provided in the newsletter or by sending a corresponding message to the responsible party named at the beginning. After unsubscribing, your email address will be promptly deleted from our newsletter distribution list, unless you have expressly consented to further use of your data, or we reserve the right to use data beyond what is legally permitted and inform you about it in this declaration.
11) Sending Push Notifications
You can subscribe to receive our push notifications. Our push notifications regularly provide information about our services.
To subscribe, you must confirm receipt of notifications or allow them in your operating system settings. This process is documented and stored, including the storage of the registration time and your device identification. Collecting this data is necessary for us to display the push notifications and, in case of misuse, to trace the processes, thus serving our legal protection. The processing of this data is based on Art. 6 para. 1 lit. a GDPR.
You can revoke your consent to the storage and use of your personal data for receiving our push notifications and the statistical collection described above at any time with effect for the future. To revoke your consent, you can unsubscribe from push notifications in the settings of the app in your operating system. Your data will be deleted as soon as it is no longer necessary for the purpose of its collection. Therefore, your data will be stored as long as the subscription for our push notifications is active.
12) Tools and Miscellaneous
Google Web Fonts
This app uses so-called web fonts from the following provider for the uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
When using this app, the required web fonts are loaded to correctly display texts and fonts and establish a direct connection to the provider’s servers. In doing so, certain browser information, including your IP address, is transmitted to the provider.
Data may also be transmitted to: Google LLC, USA.
The processing of personal data in the context of establishing a connection with the font provider is only carried out if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent given at any time with effect for the future by deactivating this service via the “Cookie Consent Tool” provided in the app. If your browser does not support web fonts, a default font will be used from your computer.
For data transfers to the USA, the provider has joined the EU-US Privacy Shield Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
13) Rights of the Data Subject
13.1 The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-Ã -vis the controller regarding the processing of your personal data, about which we inform you below:
Right of access pursuant to Art. 15 GDPR: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information regarding the processing purposes, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure, restriction of processing, objection to processing, lodging a complaint with a supervisory authority, the origin of your data if it was not collected from you, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing, and your right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR when your data is transferred to third countries;
Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed;
Right to erasure pursuant to Art. 17 GDPR: You have the right to obtain the erasure of personal data concerning you without undue delay if one of the grounds specified in Art. 17 para. 1 GDPR applies. However, this right does not apply if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to obtain the restriction of processing of your personal data for as long as the accuracy of your data, which you contested, is verified, if you object to the erasure of your data because of unlawful processing and instead request the restriction of the processing of your data, if you need your data for the establishment, exercise, or defense of legal claims after we no longer need these data for the fulfillment of the purposes, or if you have objected to processing pursuant to Art. 21 GDPR pending the verification of whether our legitimate grounds override yours;
Right to notification pursuant to Art. 19 GDPR: If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients;
Right to data portability pursuant to Art. 20 GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transmission of those data to another controller, where technically feasible;
Right to withdraw consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of your data at any time with effect for the future. In the event of withdrawal, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
Right to lodge a complaint pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
13.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
14) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and, if applicable, additionally by the respective statutory retention period (e.g., commercial and tax retention periods).
If personal data is processed based on an express consent pursuant to Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.
If there are legal retention periods for data processed within the framework of contractual or similar legal obligations based on Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after expiry of the retention periods, provided they are no longer required for the performance of the contract or for the initiation of contracts on our part and/or there is no longer a legitimate interest on our part in further storage.
If personal data is processed based on Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If personal data is processed for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise stated in the specific processing situations described in this statement, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.