The fodjan App (hereinafter “App”) is provided by fodjan GmbH, Großenhainer Str. 101 in 01127 Dresden, (hereinafter “we” or “us”) as the responsible party within the meaning of the German Data Protection Regulation (GDPR). With the following data protection information, we would like to inform you about all data processing that is carried out when using our app. We are legally obliged to inform you in a transparent and easy-to-understand manner, but must also comply with the legal requirements for complete data protection information.
Our data protection information always describes the current technical status of our app. For this reason, we may adjust some parts of this text from time to time. We, therefore, recommend that you view the data protection information regularly.
Download of the app
When you download our app, certain required data is transmitted to the app store you have selected (e.g. Google Play Store or Apple App Store); in particular, the user name, the e-mail address, the time of the download, payment information and the individual device identification numbers may be processed. We have no influence on the collection and processing of this data, which is carried out exclusively by the app store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the provider of the respective app store.
Processing of device information
In order to be able to use the full range of functions of our app, you must grant the app permission to use the internet connection. When retrieving and sending information from or to the fodjan cloud platform, it is necessary for technical reasons to process some device information (access data), including the storage of information on the respective end device.
The access data includes the IP address, device ID, device type, device-specific settings and app settings as well as app properties, the date and time of the retrieval, time zone, the amount of data transferred and the message whether the data exchange was complete, app crash, browser type and operating system. This access data is processed in order to offer you the respective functions of the app and to ensure stability and security, so that it is processed by us on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR as well as § 25 para. 2 of the German TTDSG. All access data is deleted after seven days at the latest.
Registration and profile
The use of the app requires the registration of a user account. During registration, information about you and your company is requested, which is mandatory for the use of the fodjan app in accordance with the current scope of functions (Art. 6 para. 1 sentence 1 lit. b) GDPR) and which can be provided on a voluntary basis (Art. 6 para. 1 sentence 1 lit. a) GDPR). Mandatory data within the scope of registration are marked accordingly and are mandatory for the conclusion of the user contract. The app cannot be used without the provision of this personal data.
Registration and verification of user accounts is done by providing an email address and password, which we store only in hashed form. We use this mandatory information to authenticate your login and to follow up on password reset requests. The data you enter during registration or login will be processed and used by us to:
- Verify your authorization to manage the user account;
- to contact you in order to send you technical or legal information, updates, security messages or other messages concerning, for example, the administration of the user account.
This data processing is justified by the fact that the processing is necessary for the performance of the contract between you and us pursuant to Art. 6 (1) sentence 1 lit. b) GDPR for the use of the app or we have a legitimate interest in ensuring the functionality and error-free operation of the app, which in this respect outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) sentence 1 lit. f) GDPR.
The deletion of your data for the provision of contractual services takes place after the expiry of legal warranty and comparable obligations. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (six years) and tax law (ten years) retention obligation). The invoices within the app remain there until they are deleted. Information provided voluntarily can be deleted by you as a user at any time.
When using the contact form, we process the personal data provided by you, in particular the name, the e-mail address and your expressed request, in order to clarify your request. Your request is processed in order to fulfil our obligations arising from the user relationship of the fodjan app (Art. 6 para. 1 sentence 1 lit. b) GDPR) or in order to be able to offer you and us targeted support as quickly as possible (Art. 6 para. 1 sentence 1 lit. f) GDPR).
The personal data you provide will be treated confidentially, will only be used to process your request and will not be passed on to third parties unless this is necessary in individual cases due to the nature of your request. The deletion of personal data takes place after the final clarification of your request or due to an objection by you. The deletion periods described here only apply insofar as no legal retention periods prevent deletion.
Use of tracking and third party providers
Of course, it is our goal to make the app available as error-free and comfortable as possible. In order to be able to evaluate crashes and errors, it is necessary that we create and use error reports. We are aware that such tracking comes with a high level of responsibility. For this reason, we have set up the app’s procedure to be as data-saving as possible. We use the following services:
Firebase is a development platform from Google that provides a number of functionalities that are absolutely necessary for the technically flawless operation of the app or that are required for the error-free provision of the app (Art. 6 para. 1 sentence 1 lit. b), f) GDPR, § 25 para. 2 of the german TTDSG) or that we use on the basis of your consent for error analysis and optimisation of the app (Art. 6 para. 1 sentence 1 lit. a) GDPR, § 25 para. of the german1 TTDSG). These are the following functionalities:
- Firebase Cloud Messaging: This service can be used to determine to which end devices certain messages should be sent, using Firebase installation IDs. The personal data processed in this way is deleted from live and backup systems within 180 days. The use is based on your consent.
- Firebase Crashlytics: This service uses device and app information (e.g. Crashlytics installation UIDs, crash traces, break pad minidump formatted data) to collect technical information about crashes and to show how many users are affected by a crash. The information is stored for up to 90 days. The use is based on your consent.
- Firebase Performance Monitoring: Performance Monitoring uses Firebase installation IDs to calculate the number of unique Firebase installations accessing network resources to ensure that access patterns are sufficiently anonymous. It also uses Firebase installation IDs with Firebase Remote Configuration to manage the rate of performance event reporting. In addition, it uses IP addresses to associate performance events with the countries from which they originate. Installation and IP-related events are retained for 30 days, and deletion of anonymised performance data occurs after 90 days. The use is based on your consent.
- Firebase Remote Configuration: This service uses the Firebase installation IDs to select configuration values that are returned to the users’ devices. The information is stored for up to 180 days. The use is technically necessary for the provision of the app.
- Google Analytics for Firebase: This service collects the following types of data: Number of users and sessions, session duration, operating systems, device models, region, first time launches, app executions, app updates, in-app purchases. Some of this data is linked to the advertising IDs stored on the devices and used to provide analysis and attribution information. The information is stored for two to 14 months. The use is based on your consent.
Taking into account various functional and security aspects as well as existing risks in the transfer of personal data to third countries subject to data protection law, we have opted for Firebase from Google, a globally active company. Since the level of data protection in other parts of the world does not correspond to that of the European Union or Germany, we have concluded contracts with Google under data protection law (contract for commissioned processing, standard contractual clauses (Art. 46 para. 2 lit. c GDPR)). In addition, we ensure data-saving operation in the development of the app and only transfer data when it is absolutely necessary. You can find more information about data processing by Google Firebase here.
Data subject rights and contact with the data protection officer
Data subjects may at any time request information about the personal data concerning them and, if necessary, request rectification or deletion or restriction of processing, or object to processing. There is also a right to data portability in their favour. Furthermore, if the data processing is carried out on the basis of consent, this can be revoked at any time for the future. To exercise your rights, please contact our data protection officer at firstname.lastname@example.org.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if it is suspected that the personal data is being processed unlawfully.