Privacy policy for the Hand Letters apps
§ 1 General
We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy applies to our Apple app (hereinafter referred to as “APP”). It explains the type, purpose and scope of data collection in the context of APP use. We would like to point out that data transmission over the Internet may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
(1) Responsible body
The controller responsible for data processing in the context of this APP is:
Hand Letters Gesellschaft für digitale Schreibsysteme UG (haftungsbeschränkt)
Michaelkirchplatz 1-2
10179 Berlin
Germany
Website: www.handletters.de
Phone: +49 30 89626477
Email: support@handletters.de
(2) Data protection officer
You can reach our data protection officer at:
Ivo Wessel
Michaelkirchplatz 1-2
10179 Berlin
Germany
Website: www.handletters.de
Phone: +49 30 89626477
Email: support@handletters.de
(3) General storage period of personal data
Unless otherwise stated or specified in this privacy policy, the personal data collected by this APP will be stored until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. If there is a legal obligation to store the data or another legally recognised reason for storing the data (e.g. legitimate interest), the personal data concerned will not be deleted before the respective reason for storing the data no longer applies.
(4) Legal basis for the storage of personal data
The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. If we process your data, this is regularly done on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, for the purpose of contract fulfilment in accordance with Art. 6 para. 1 lit. b GDPR (e.g. when using in-app purchases or the use of other paid app functions) or on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, which are always weighed against your interests (e.g. in the context of advertising measures). The relevant legal bases will be specified separately in this privacy policy.
(5) Encryption
This APP uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the APP operator or the communication between APP users. This encryption prevents the data you transmit from being read by unauthorised third parties.
(6) Changes to this privacy policy
We reserve the right to amend this privacy policy at any time in compliance with legal requirements.
§ 2 Your rights
The GDPR grants data subjects whose personal data is processed by us certain rights, which we would like to inform you about here:
(1) Revocation of your consent to data processing
Many data processing operations are only possible with your consent. We will expressly obtain this from you before commencing data processing. You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out up to the revocation remains unaffected by the revocation.
RIGHT TO OBJECT TO THE COLLECTION OF DATA IN SPECIAL CASES AND TO DIRECT MARKETING (ART. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASES ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS THE PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS. IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING.
(2) Right to lodge a complaint with a supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
(3) Information, deletion and removal
You have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing as well as a right to correction or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.
(4) Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to check this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
- If you have lodged an objection in accordance with Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
(5) Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
§ 3 Access rights of the app
In order to provide our services via the APP, we require the access rights listed below, which enable us to access certain functions of your device.
Email address:
An email address is required to uniquely identify a user's account. Mails from a user only receives mails from us if the user forgets their password and requests a new temporary one. This will be sent to this address. The user also receives an e-mail when registering in order to to verify this. The email address is never visible in the app, and it is not shared with third parties, communicated to third parties.
Camera:
So that the 10-digit invitation code can not only be entered, there is a QR code scanner in the app. QR code scanner in the app. This requires access to the camera. As soon as the scanner is closed is closed, the camera can no longer be accessed. The first time the scanner is called up, a user can also prohibit this access and, if necessary, allow it again in the system settings.
Device token:
For sending a notification (push notification) in the event that an invitation sent by the user is accepted by the invitation sent by the user is accepted by the recipient or a user receives a hand letter, the so-called “device token” of the device is stored in the database. This is used to send messages. In principle, the device token is saved for all of a user's devices on which the Hand Letters app has been installed and for which the messages have been authorised. The permission can be revoked or granted at any time in the system settings. The The type of message can also be configured there.
User data:
Pure user content such as invitations, hand labels and device tokens are stored in the database. stored in the database. A user can log out of the system at any time; all their data will then be deleted immediately.
Other data:
No data on product interaction, location or data from other apps such as the address book is recorded and read. No diagnostic data is collected either. There is no third-party advertising and no tracking in the app. Access to the device functions is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG and – if a contract has been concluded – the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b GDPR).
§ 4 Collection of personal data in the context of APP use
(1) General
When you use our APP, we collect the following personal data from you:
- Email-Address
- Usage data
- Device identification
The processing of this personal data is necessary to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG and – if a contract has been concluded – the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b GDPR).
The storage period for the data collected in this way is regulated as follows:
(2) Enquiry within the APP, by email, telephone or fax
If you contact us (e.g. via the contact form within the app, by email, telephone or fax), your enquiry, including all resulting personal data (e.g. name, enquiry), will be stored and processed by us for the purpose of processing your request. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us. The data you send to us via a contact request will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected. We will not pass on your data without your consent.
§ 5 Upload of illegal content
Content that does not comply with media communication laws or similar regulations may be deleted without prior notice. We reserve the right to delete the user profile in such cases. Uploading such content is generally prohibited.
As at: February 2024