App Privacy Policy

App Privacy Policy

  1. Information About the Collection of Personal Data and Contact Details of the Controller

    1.1. We are pleased that you are using our application (hereinafter referred to as “App”). In the following, we inform you about the handling of your personal data when using our App. Personal data are all data with which you can be personally identified.

    1.2. The controller for data processing regarding this App within the meaning of the General Data Protection Regulation (GDPR) is Q4 Reach Labs GmbH, Berthold-Litzmann-Str. 12a, 80995 Munich, Germany, Tel.: +49 160 97706125, Email: privacy@q4rl.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

    1.3. For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this App uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

  2. Log Files When Using Our Mobile App

    When you download our mobile App from an App Store, the necessary information is transmitted to the App Store, particularly your username, email address, customer number of your account, time of download, payment information, and the individual device identifier. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile App to your mobile device.

    When using our mobile App, we collect the following personal data to enable convenient use of the functions. If you want to use our mobile App, we collect the following data, which are technically necessary for us to offer you the functions of our mobile App and to ensure stability and security:

    • Date and time of the request
    • Time zone difference to Greenwich Mean Time (GMT)
    • Content of the request
    • Access status/HTTP status code
    • Amount of data transferred in bytes
    • Source/referral from which you reached the page
    • Browser used
    • Language and version of the browser software
    • Operating system and its interface
    • IP address used (possibly in anonymized form)

    The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our App. The data will not be disclosed or used otherwise. However, we reserve the right to check the log files retrospectively if there are concrete indications of illegal use.

    Furthermore, we require your unique device number (IMEI = International Mobile Equipment Identity), unique subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), possibly MAC address for WLAN usage, and the name of your mobile device.

  3. Cookies

    To make our App attractive and enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device. Some of the cookies we use are deleted after closing the App (so-called session cookies). Other cookies remain on your device and allow us to recognize you (so-called persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

    Some cookies serve to simplify the App operation by saving settings. If personal data are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the App as well as a customer-friendly and effective design of the App usage.

    You can configure your mobile operating system and App settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, please note that in this case, you may not be able to use all functions of our mobile App.

  4. Contacting Us

    When you contact us (e.g., via contact form or email), personal data are collected. Which data are collected when using a contact form can be seen from the respective contact form in the App. These data are stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing these data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after the final processing of your inquiry. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations.

  5. Data Processing for Contract Execution

    5.1. To process contracts concluded via the App, we collaborate with the following service providers who support us wholly or partially in executing concluded contracts. Certain personal data are transmitted to these service providers as per the following information.

    The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, provided that this is necessary for payment processing. Insofar as payment service providers are used, we explicitly inform you about this below. The legal basis for data disclosure is Art. 6 para. 1 lit. b GDPR.

    5.2. - Apple Pay

    If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment will be processed via the “Apple Pay” function of your device running iOS, watchOS or macOS by debiting a payment card stored with “Apple Pay”. Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must therefore enter a code that you have previously specified and verify it using the “Face ID” or “Touch ID” function on your device. For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be forwarded to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment. If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time and whether the transaction was successfully completed. This anonymization completely excludes any personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services. If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you have made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and deactivate “Allow payments on Mac”. You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027

6. comment function

As part of the comment function in our app, in addition to your comment, information about the time the comment was created and the commentator name you have chosen will be saved and published in this app. Your IP address is also logged and stored. The IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content by posting a comment. We need your e-mail address in order to contact you if a third party objects to your published content as unlawful. The legal basis for the storage of your data is Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties. You can subscribe to the follow-up comments as a user. You will receive a confirmation email to ensure that you are the owner of the email address provided (double opt-in procedure). The legal basis for data processing when subscribing to comments is Art. 6 para. 1 lit. a GDPR. You can unsubscribe from ongoing comment subscriptions at any time with effect for the future; for more information on how to unsubscribe, please refer to the confirmation email.

7. sending push notifications You can register to receive our push notifications. You will receive regular information about the services we offer via our push notifications. To register, you must confirm or allow the receipt of notifications in the settings of your operating system. This process is documented and saved. This includes saving the time of registration and your device identification. The collection of this data is necessary so that we can display the push notifications on the one hand and, on the other, so that we can trace the processes in the event of misuse and therefore serves our legal protection. This data is processed on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the storage and use of your personal data to receive our push notifications and the statistical survey described above at any time with effect for the future. To withdraw your consent, you can unsubscribe from the setting provided for receiving push notifications in your app settings in your operating system. Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your data will therefore be stored for as long as the subscription to our push notifications is active.

8. online marketing “Advertising identifier” We use the so-called “Advertising Identifier” (IDFA) for advertising purposes. This is a unique, but non-personalized and non-permanent identification number for a specific end device, which is provided by iOS. The data collected via the IDFA is not linked to other device-related information. We use the IDFA to provide you with personalized advertising and to evaluate its use. If you activate the “No ad tracking” option in the iOS settings under “Privacy” - “Advertising”, we can only take the following measures: Measuring your interaction with banners by counting the number of times a banner is displayed without you clicking on it (“frequency capping”), click rate, determining unique usage (“unique user”) as well as security measures, fraud prevention and troubleshooting. You can delete the IDFS at any time in the device settings (“Reset Ad ID”), in which case a new IDFA will be created that will not be merged with the data collected previously. We would like to point out that you may not be able to use all the functions of our app if you restrict the use of the IDFA.

9 Rights of the data subject 9.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

  • Right to information pursuant to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries;

  • Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us;

  • Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

  • Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;

  • Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

  • Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;

  • Right to withdraw consent given in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

  • Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data relating to you infringes the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

    9.2 RIGHT TO OBJECT IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS. IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

  1. duration of storage of personal data The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law). When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you withdraw your consent. If there are statutory retention periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage. When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 para. 2 GDPR. Unless otherwise stated in the other information in this statement on specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.