Thank you for your interest in our company. The protection of personal data is particularly important to us, which is why we would like to provide you with detailed information about the processing of your personal data. The processing of personal data always takes place on the basis of the legal regulations, in particular the General Data Protection Regulation (GDPR) and the applicable country- specific data protection laws. With this declaration, we inform you about the type, scope and purpose of the data collected, used and processed and clarify those affected by the data processing about the rights to which they are entitled. As a company and as the person responsible for processing, we have taken extensive technical and organizational measures to ensure the highest possible level of protection for the personal data processed.
Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
app and move GmbH
Leipziger Strasse 1
Phone: +49 6422 204 069 044
General information on data processing
In our data protection declaration, we use various terms which are based on the legal basis and which are explained below in order to make our data protection declaration simple and easy to understand. For the purpose of this data protection declaration, the term means:
"personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or one or more special features that express the physical , physiological, genetic, mental, economic, cultural or social identity of that natural person;
"Processing" means any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data, such as collection, recording, organisation, ordering, storage, adaptation or modification, reading out, querying, use , disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction;
“restriction of processing” the marking of stored personal data with the aim of restricting their future processing;
"Profiling" any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects related to work performance, economic situation, health, personal Analyze or predict that natural person's preferences, interests, reliability, behaviour, location or relocation;
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data not attributed to an identified or identifiable natural person;
"Responsible person" means the natural or legal person, public authority, institution or other body that alone or jointly with others decides on the purposes and means of the processing of personal data, the purposes and means of this processing are specified by Union law or the law of the Member States , the person responsible or the specific criteria for his nomination can be provided for under Union law or the law of the Member States;
"Processor" a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
"Recipient" means a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not Member State law may receive personal data but are not considered recipients; the processing of this data by said authorities is carried out in accordance with the applicable data protection regulations, according to the purposes of the processing;
“third party” a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorized to process the personal data;
"Consent" of the data subject means any voluntary, informed and unequivocal expression of will in the specific case, in the form of a declaration or other clear affirmative action, with which the data subject indicates that they have consented to the processing of their personal data agrees;
2) Scope of processing of personal data
In principle, it is possible to use our website without providing personal data. In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.
3) Legal basis for processing personal data
Insofar as we obtain the consent of the person concerned for the processing of personal data, Art.6 Para.1 lit.a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is required to fulfill a contract to which the data subject is a party, Art.6 Para.1 lit.b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art.6 Para.1 lit.c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art.6 Para.1 lit.d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Art.6 Para.1 lit.f GDPR serves as the legal basis for the processing.
As a responsible company, we do not use profiling or any other automated decision-making.
4) Data erasure and retention period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
use of our offer
Provision of the website and creation of log files
Description and scope of data processing, legal basis, purpose and storage period
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected here:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system accesses our website
(7) Websites accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of the data and the log files is Art.6 Para.1 lit.f GDPR. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing according to Art.6 Para.1 lit.f GDPR also lies in these purposes. After the purpose for which they were collected has been achieved, the data will be deleted or made anonymous so that it is no longer possible to assign the called client. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Description and scope of data processing, legal basis, purpose, storage period, possibility of revocation and elimination
a) We use technically necessary cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is usually stored and transmitted in the cookies:
b) If we also use (technically unnecessary) cookies on our website, which enable an analysis of the surfing behavior of the user, the following data can usually be transmitted in this way:
-Entered search terms
-Frequency of page views
-Use of website functions
-Acquisition of language settings
-Remembering search terms
- Remembering general settings for cookies
We give our visitors the opportunity to register on our site using a contact form. The personal data that is visible from the input mask is only collected and stored for the use of our offer. In the event
that a third party misuses your data, we store the IP address, the time and the date of registration as a safeguard in order to clarify the misuse if necessary. The transfer of your data to third parties is fundamentally excluded. The data collected elsewhere will not be compared with this data. Registered visitors have the option at any time to change the personal data they have entered or to delete them completely from the database.
You are free to contact us at any time via a contact form or by e-mail to express your wishes and goals. The data voluntarily provided by the user in this case will be stored in our database for processing and deleted after the purpose of processing has been achieved. The transfer to third parties and a comparison with other data is excluded.
receipt of our newsletter
Our website includes the option of subscribing to our newsletter. We hereby inform you at regular intervals about offers, news and events and other significant events. The newsletter can only be received if the personal data required and marked as necessary on the registration page, the e-mail address is sufficient, are entered and registration takes place. We use the so-called double opt-in (DOI) procedure to ensure that the newsletter is sent in a consensual manner. In the course of this, the potential recipient is initially only temporarily included in the mailing list. The potential recipient then gets through
a confirmation e-mail gives you the opportunity to confirm your registration in a legally secure manner. Only if the confirmation is given will the address be actively included in our mailing list and you agree to receive it. When you register for the first time, we save the following information, which is necessary to document and prove a legally secure registration:
- IP address
– Date and time of registration
The data will only be used to send the newsletter. The receipt of the newsletter can be canceled at any time and you can revoke your consent. You will find a corresponding link in every newsletter. It is also possible to unsubscribe from the newsletter on the website. Shipping can be done by a shipping service provider. The shipping service provider works for us on the basis of an order processing contract and can use the data in pseudonymised form to improve its offer or for statistical purposes. A use for the purpose of direct contact or a transfer to third parties does not take place on the part of the shipping service provider. Further information on the shipping service providers can be found here.
Inxmail GmbH, Wentzingerstr. 17, D-79106 Freiburg
Newsletter2Go GmbH, Koepenicker Str. 126, 10179 Berlin
Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The
Data protection for applications and in the application process
Applicant data is electronically recorded, stored and processed for the purpose of processing an application process. This is particularly the case if the application is made electronically, for example by e-mail. If an employment contract is concluded, the data will continue to be recorded and stored by us in your personnel file in compliance with the legal regulations for the usual organizational and employment relationships. If there is no employment contract with the applicant, the applicant data will be automatically deleted from the database after the announcement of the rejection. Unless there are special legal conditions, such as the burden of proof under the General Equal Treatment Act, which make longer storage necessary or if you have expressly consented to longer storage in the application process.
Use of Facebook, Google+, Instagram, LinkedIn, Pinterest, Twitter, Xing, Youtube.
If we use plugins from the social networks Facebook, Google+, Instagram, LinkedIn, Pinterest, Twitter, Xing, Youtube on our website, you can recognize the respective plugins by the corresponding company logos. By calling up our website, a connection can be established between your computer and the social media provider via the respective component of the above-mentioned social media plugin and, if necessary, assigned. If you are logged in to one of the above services while visiting our site, the provider of the relevant service may be able to determine and assign your user name and your real name from the information transmitted.
The servers of the above services are located both in the United States and in other countries of the European Union. You should therefore be aware that the respective companies are subject to their country-specific data protection and general personal data are not protected as is the case in the member states of the European Union.
Accordingly, Facebook receives information about your data when you visit our site, for example if you click the "Like" button while you are logged in to Facebook. This results in a clear assignment to your account.
For example, to assign Google+ you need a Google account, for which you must have registered in advance. When using our offer and the simultaneous use of Google+, an assignment of e.g. the following information can take place.
your IP address
The date and time our website was accessed
The address of the website where the attached link is located Information about the operating system and browser
The Xing Share button, for example, does not store any personal data. Xing evaluates neither your IP address nor user behavior. However, if you are logged in to Xing at the time of your visit, your account information may be used to establish a link to your visit to our site.
You should know that we have no control over the sharing of your data by the providers of the social networks mentioned above.
Further information on the individual social media services can be found here:
facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Instagram LLC 1601 Willow Rd Menlo Park CA 94025 USA
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
XING SE, Dammtorstrasse 30, 20354 Hamburg
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Use of Google AdSense
Use of Google Analytics with anonymization function
usage. The IP address transmitted as part of Google Analytics will not be merged with other Google data. You have the option of turning off the storage of cookies by setting your browser software accordingly. If this is the case, we must point out that various functions of this website may not be able to be used to their full extent. You can also use a deactivation browser plugin to prevent the storage of the data generated by the cookie, including your IP address, by Google and the processing of this data. Further information and more detailed explanations can be found under the link: https://tools.google.com/dlpage/gaoptout?hl=de
Use of Google Remarketing
Use of Google AdWords
The most important part of Google AdWords are keywords. With their help, an advertiser can specify in advance that an ad should only be displayed in the results of a search for the specified terms or thematically appropriate pages. This should enable targeted alignment with the interests of the visitors and reduce wastage to a minimum. In addition, negative keywords can also be defined, for which the ad is not displayed. Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is the operator of the service. With AdWords it is possible to present the user with search-relevant ads. If a person has been directed to our website via a Google ad, a conversion cookie will be set on the user's browser. This enables both us and Alphabet Inc. to track whether a sale of certain products has taken place or a sales process has been canceled using these AdWords ads. Conversion cookies do not receive any information about the person concerned and are automatically deleted within 30 days. The information generated by the conversion cookies is used by Google to generate visitor statistics. With the help of these statistics, it is possible to determine the number of users who were directed to our website by the AdWords ads. Conversion cookies store information about the person who visited the site. This data, including the IP address, is transmitted to Alphabet Inc. in the USA and may be passed on to third parties. The storage of cookies can be prevented by making the appropriate settings. You can delete cookies yourself at any time. Further information and more detailed explanations can be found under the link: https://www.google.de/intl/de/policies/privacy/
Use of Google Fonts
On this website you will find the use of Google Fonts. Google Fonts is a service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Web fonts are
intended for browser-based digital texts, which are usually requested from an external web server and added to the browser when a website is called up, not from the local font collection on a computer. The use of Google Fonts is not authenticated. The website visitor does not send cookies to the Google Fonts API. Requests to the Google Fonts API are made to resource-specific domains fonts.googleapis.com or fonts.gstatic.com, so your requests for fonts are separate from other information you send to google.com and do not include any other information. The anonymized request information is deleted after 24 hours. Further information and more detailed explanations can be found under the link: https://policies.google.com/privacy?hl=de
Use of Google Maps
We use the Google Maps function on our website. Google Maps is a service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Maps enables us to visualize geographic information. When you visit our website, Google sets a cookie that makes it possible to process user settings and data. If you do not delete this cookie manually, it will normally be deleted itself after a certain period of time. If you do not agree to the processing of your data, you have the option of deactivating the Google Maps service by making the appropriate settings. For this you have to disable the Java script function in your server. However, we would like to point out that you will then not be able to use the full extent of the Google Maps function. Further information and more detailed explanations can be found under the link: https://policies.google.com/privacy?hl=de
Use of payment service providers (payment services)
When paying via PayPal, credit card via PayPal, direct debit via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), further. The transfer takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR and only to the extent that this is necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing. Further information and more detailed explanations can be found under the link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
If you decide to use a payment method offered by the payment service provider "Stripe", the payment will be processed by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will forward the information you provided during the ordering process along with the information about your order (name, address, account number, sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Paragraph 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. Further information and more detailed explanations can be found under the link: https://stripe.com/de/privacy#translation.
Blog with comment function (and subscription)
On our website it is possible to leave your own comments on blog posts. A blog is a publicly accessible journal in which users ("bloggers"), sorted chronologically, record ("post") facts or write thoughts or keep records. These "posts" can usually be commented on by third parties. If a user posts a comment, the comment, username and IP address will be saved until the blog is deleted. The storage is based on our legitimate interest in recognizing and assigning illegal contributions or illegal comments for liability reasons. In principle, data will not be passed on unless this is required by law or required for legal defense.
The comments left can be subscribed to by other users with their consent, so that there is the possibility of receiving subsequent comments. If a user decides to subscribe to comments, we use the so-called double opt-in procedure to send an e-mail with instructions on revocation in order to check whether the subscriber is the owner of the e-mail address provided. Subscribing to comments can be terminated at any time and consent revoked.
Our app uses the "Firebase" tracking service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Firebase uses tracking mechanisms that allow the app to be analyzed, e.g. for performance monitoring, troubleshooting and usage analysis. The purpose of use is to analyze and improve the use of our app. With Firebase, information about the use of the app is collected and transmitted to Google Ireland or Google USA and stored there. The data is collected and transmitted anonymously. The link with other user data does not take place.
Google will use this information to evaluate the use of the app.
For personal data that is transferred to the USA, Google has submitted to the EU-US Privacy Shield: www.privacyshield.gov/participant.
You can find more information about Google Firebase and data protection at www.google.com/policies/privacy/ and firebase.google.com.
rights of the data subject
If we process your personal data, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1.) Right to information
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us. If such processing is present, you can request information from the person responsible for the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.
2.) Right to Rectification
You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
3.) Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
(1) if you dispute the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed. If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
4.) Right to deletion / obligation to delete
You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a DSGVO and there is no other legal basis for the processing.
(3) You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
(4) The personal data concerning you was processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
(6) The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
information to third parties
If the person responsible has made the personal data relating to you public and is obliged to delete it in accordance with Art , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to erasure does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller became;
(3) for reasons of public interest in the field of public health in accordance with Art.9 Para.2 lit.h and i as well as Art.9 Para.3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para
(5) to assert, exercise or defend legal claims.
5.) Right to Information
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6.) Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that
(1) the processing is based on consent pursuant to Art. 6 Paragraph 1 lit. a GDPR or Art. 9 Paragraph 2 lit. a GDPR or on a contract pursuant to Art. 6 Paragraph 1 lit. b GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.
7.) Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
8.) Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
9.) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.
The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.