App Data Privacy


Foolography ENTAGGED

Data privacy notice for use of ENTAGGED
Updated 28.02.2019
The following data privacy notice explains how your data is collected and processed when you use ENTAGGED.
By accepting the terms of this data privacy notice, you consent to your data being processed.


RESPONSIBILITY FOR DATA PROTECTION

In accordance with data protection law, the following entity is responsible for data collection and data processing in this app:

Foolography GmbH
Greifswalder Str. 9
10405 Berlin
info(at)foolography.com

Under the terms of data protection law, not only Foolography GmbH, but also our respective cooperation partners are jointly responsible for some of the data processing tasks listed below. You are therefore able to exercise certain rights directly with the respective cooperation partner. You can find the necessary information relating to this in the relevant parts of this data privacy notice.


RELEVANT LEGAL BASIS

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the affected person or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.


DATA SECURITY

To ensure that your data is secure during transfer, we use state-of-the-art encryption methods in this app in accordance with Art. 32 GDPR.


REQUIRED APP PERMISSIONS

We require the following permissions from you in order that you can use the ENTAGGED-Hardware together with the ENTAGGED-App. We will use the data that we have access to as part of this authorization only for the stated purposes. We do not collect any data that we do not actually need for the stated purposes.

BLUETOOTH®
Bluetooth® is used to establish a connection between your smartphone and the ENTAGGED-Hardware. This hardware needs to be be plugged into a working and compatible (a complete compatibility list can be found at www.foolography.com) DSLR. Thus you’ll be able to scan a 1D or 2D code with the ENTAGGED-App and save that code in the photo’s metadata directly in camera. With the ENTAGGED-App you’ll also be able to pair an external scanner with the ENTAGGED-Hardware.


PROCESSING OF NON-PERSONAL DATA WHEN USING ENTAGGED (APP & HARDWARE)

Non-personally identifiable information in this sense is information collected or processed for solely statistical purposes (e.g. about the usage behaviour within the app), which cannot be traced back to a natural person.

Firebase-ANALYTICS
We want to understand how ENTAGGED users use our app, so that we can continually improve it.
Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our app offer within the meaning of Art. 6 (1) lit. GDPR), we use Firebase Analytics, an app analytics service provided by Google LLC („Google“). Firebase uses so-called „instance IDs“. The information generated by those IDs about the use of the app are usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) .
Firebase will use this information on our behalf to evaluate the use of our app by users, to compile reports on the activities within the app – such as: Time when you open the ENTAGGED app, your behavior within the app (eg, selecting a setting), duration of app use or time spent in certain app areas, device information (eg information about the operating system and the app version) – and to provide us with other services (eg information about app crashes) related to the use of this app. In this case, pseudonymous user profiles of the processed data can be created. However, all this information is processed completely anonymously, so that no conclusions can be drawn to your person. Consequently, we only use Firebase Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Firebase within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address submitted by the user’s app will not be merged with other Google data.
In addition to the „Instance ID“ described above, Google also uses the advertising ID of the device for Firebase Analytics. In the device settings of your mobile device you can limit the use of the advertising ID. For Android: Settings> Google> Ads> Reset Advertising ID For iOS: Settings> Privacy> Advertising> No Ad Tracking
We do not use Firebase services that use personally identifiable information, such as IP addresses, e-mail addresses, telephone numbers or passwords. For more information about Firebase’s privacy and security, visit: https://firebase.google.com/support/privacy/.


PUSH NOTIFICATION

Push messages allow us to keep you up-to-date with regards to the current process of certain features, such as the scanning mode, as well as possible errors and problems that might occur during the scanning so you can make necessary adjustments. In addition, it is possible for us to inform you in the fastest possible way about new features, updates as well as malfunctions. If you wish to forgo receiving this exclusive information, you can disable push notifications in your smartphone settings at any time (Home screen -> Settings -> Notifications).


TRANSFER OF YOUR DATA TO THIRD PARTIES

If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if a transmission of the data to third parties pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), if you have consented to a legal obligation or based on our legitimate interests.
If we commission third parties to process data on the basis of a so-called „data-processing-agreement“, this is done on the basis of Art. 28 GDPR.


TRANSFER OF YOUR DATA TO THIRD PARTIES

If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. i.e. the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called „standard contractual clauses“).


YOUR RIGHTS WITH REGARD TO FOOLOGRAPHY

We would like to inform you briefly about the data protection rights that you can exercise against Foolography:

RIGHT TO INFORMATION
According to Art. 15 GDPR you have the right to receive information about the personal data stored by us at any time. Please send us an e-mail to info(at)foolography.com.

RIGHT TO RECTIFICATION
Foolography may only process applicable data about you. If you – for example, by exercising your right to information – find out that something about you is inaccurate or has become inaccurate, we are basically obliged under Art. 16 GDPR to rectify it immediately. In accordance with Art. 20 GDPR, you also have the right to demand the data relating to you that you provided to us. You may also request their transmission to other persons responsible.

CANCELLATION RIGHT / RIGHT TO RESTRICTION OF PROCESSING: BLOCKING RIGHT
The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. If the data will not be deleted because it is required for other and legitimate purposes, its processing will be restricted i.e. the data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.
According to legal requirements in Germany, the storage takes place for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, relevant for taxation Documents, etc.) and 6 years in accordance with § 257 (1) no. 2 and 3, para. 4 HGB (commercial letters).

WITHDRAWAL
You have the right to revoke the granted consent with effect for the future according to Art. 7 (3) GDPR.

OBJECTION
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.

RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY
You have acc. to. Art. 77 GDPR the right to file a complaint with the competent supervisory authority.


CONTACTING FOOLOGRAPHY’S DATA PROTECTION OFFICER

If you have any questions or concerns about privacy or our privacy policy, please contact us at the following e-mail address: info(at)foolography.com.


AMENDING THE DATA PRIVACY NOTICE

We reserve the right to occasionally make changes to those parts of this data protection declaration that do not require consent, so that it always corresponds to the current statutory requirements or to implement changes to our services in the data protection declaration. The new data protection declaration shall then be applicable upon your new visit. If your prior consent is required for a change to our services or for introducing new services, we shall inform you accordingly at the right time and request for your consent.