Privacy policy for Applications (Apps)

The following information applies to all our applications (apps). The use of these apps may involve the processing of personal information. Our intention is for the following information to provide you with an overview of these processes so that you can understand them. In order to ensure fair processing, we would also like to inform you about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

Christoph Mahlke, Sieker Landstraße 95, 22927 Großhansdorf, Germany (hereinafter referred to as “we” or “us”) is responsible for the data processing.

Contact

If you have any questions or suggestions about this information or would like to contact us to exercise your rights, please contact us via the contact information given in our impressum.

General information on the processing of personal data

The use of the products and services we offer may result in the processing of personal data. The term “personal data” under data protection law refers to all information relating to a specific or identifiable person. An IP address can also be considered personal data. An IP address is assigned to each device connected to the internet by the internet service provider, so that it can send and receive data. When you use the apps, we collect data that you provide yourself. In addition, when you use the app, we automatically collect certain information about your use of it. We process personal data in compliance with the relevant data protection regulations of the GDPR and the German BDSG. We will only process data where we are legally permitted to do so. When you use these apps, we will process personal data only with your consent (Art. 6 paragraph 1 sentence 1 letter a GDPR), for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Art. 6 paragraph 1 sentence 1 letter b GDPR), for compliance with a legal obligation (Art. 6 paragraph 1 sentence 1 letter a GDPR) or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 paragraph 1 sentence 1 letter f GDPR).

Duration of storage

Unless otherwise stated in the following sections, we will store the data only as long as necessary to achieve the purpose of processing or to fulfill our contractual or statutory obligations.

Transmission of data

Unless otherwise stated in the following sections, data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers will only process the data after having received express instructions and they are contractually obliged to guarantee adequate technical and organizational measures for data protection. Insofar as we refer to integrated services of other providers in this Data Protection Declaration, it can be assumed that personal data will be transmitted to the specified headquarters of these providers. These providers may be based in a so-called third country outside the European Union or the European Economic Area. Further information can be found in the sections describing each service.

Data collection during downloading

When downloading the app, no information is actively transferred by us to the app store involved (Apple App Store, Google Play, Amazon App Store, Samsung App Store, etc.). If you want to know what data is collected and processed by a given app store during the downloading process, please consult their privacy policy. We have no control over any data collection by app stores. They are solely responsible for the processing of any of your personal data within the meaning of Article 7(4) GDPR.

Access rights of apps

The app may require various access permissions from your device. These are required to maintain certain functionality of our apps. For example, if you only want to download updates using a wireless connection, the app needs access to your wireless connection. If you would like to purchase additional content via the app, we may need access to the interface required for your app store. Another example is what is referred to as “push notifications”, in which we can use an interface to display a message directly on your device. The access permissions on your mobile device are dependent on the operating system (e.g. Android, iOS, etc.) and the store where the app was purchased (e.g. Google Play Store, Apple App Store, Amazon, etc.). As a rule, you will receive information prior to the installation as to which access permissions are required by our app. The legal basis for the processing of technically necessary access permissions is Art. 6 paragraph 1 sentence 1 letter b GDPR. All further access permissions are based on Art. 6 paragraph 1 sentence 1 letter f GDPR. Under “Settings” in Apple iOS, you can get an overview at any time of the content that our apps can access. You can restrict these access permissions at a later point in time. In Android, various access permissions are also needed on your mobile device. Under “Settings/Apps” you can subsequently check the access rights of our apps.

Contact form

Our app may contain a contact form with which you can send us messages. The transfer of your data is encrypted. The legal basis for processing this data is Art. 6 paragraph 1 sentence 1 letter b GDPR. All data fields marked as mandatory are required for the execution of the contract. If they are not provided, the contractual services cannot be carried out. The provision of any additional data is voluntary. Alternatively, you can also send us a message to the contact e-mail address.

Registration and login

In order to use certain functions of the app, registration within the app may be required. Upon completion of the registration process, a contract of use is entered into. In the context of this use, only the information you provide is processed. This information can be seen on the registration screen. The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter b GDPR. It is absolutely essential to provide the information marked as mandatory in order to establish the user relationship. The data provided will only be processed for the purposes stated in the terms of use and they will only be stored for the duration of use. You may terminate your use at any time by deactivating your user account.

External software development

We may use data processors for app development which might process personal data upon our instruction. We have entered into data processing agreements with all our processors. Some of our third party processors are located outside of the EU/EEA, with which we have concluded standard contractual clauses with these processors.

Processing app log files

If you use our services, general information (that is not used on a individual basis) is initially stored automatically, i.e. not through registration. For example, our web servers normally store the following information: IP, Device ID, Device Type, OS, time of the server request. The processing is carried out for the purposes of our legitimate interests, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter f GDPR. This processing is used for technical administration and the security within the app.

Google Marketing Services

On our app we use the marketing and re-marketing services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). These services allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through remarketing ads and products are displayed to users relating to an interest established by activity on other apps within the Google Network. For these purposes, a code is used by Google when our app is accessed and what are referred to as (re)marketing tags are incorporated into the app. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which apps users have visited, which content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring apps, the length of the visit as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated. All user data will only be processed as pseudonymous data. Google does not store any names or e-mail addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA. One of the Google marketing services we use is the online advertising program Google AdWords or AdMob. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users. We may include third-party advertisements based on the Google Marketing Service called DoubleClick. DoubleClick uses cookies to enable Google and its partner apps to place ads based on users’ visits to this app or other apps on the Internet. Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page:  https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy The legal basis for the use of this service is Article Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google:  http://www.google.com/ads/preferences.

A transmission of your data to the USA cannot be excluded. We guarantee the adequacy of data transfer to the third country USA through the agreement of EU standard contractual clauses.

21. GOOGLE SDK (FIREBASE ANALYTICS)

We use the developer platform called “Google Firebase” as well as the associated functions and services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). Google Firebase is a platform for developing apps for mobile devices and websites. Google Firebase offers a variety of features, which are can be found on the following summary page: https://firebase.google.com/products/ The functions include the storage of apps, including users’ personal data, such as content they have created or information regarding their interaction with the apps. Google Firebase also offers interfaces that allow interaction between the users of the app and other services. The analysis of user interactions is carried out using the analysis service of Firebase Analytics. This service helps us to record our users’ interactions. Events such as the first time an app is opened, the uninstalling of an app, updates, crashes or the frequency of use of the app are recorded. Certain user interests are also recorded and evaluated. The information processed by Google Firebase may be used with other Google services, such as Google Analytics and Google marketing services. In this case, only pseudonymous information, such as the Android Advertising ID or the Advertising Identifier for iOS, will be processed to identify users’ mobile devices. Additional information on the use of data for marketing purposes by Google can be found on the summary page:  https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at  https://www.google.com/policies/privacy. The legal basis for use is Art. 6 paragraph 1 sentence 1 letter f GDPR. If users wish to object to interest-based advertising through Google marketing services, they can use the settings and opt-out options provided by Google:  http://www.google.com/ads/preferences.

A transmission of your data to the USA cannot be excluded. We guarantee the adequacy of data transfer to the third country USA through the agreement of EU standard contractual clauses.

Advertising in apps

In our apps advertisements are shown. This allows paid content, for example, to be used free of charge.

The advertising displayed through our partners is either personalized or non-personalized (context-related). The data you provide when using advertising media is collected and analyzed, which will be explained in more detail below. Our SDK service provider Admob by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland; “Google”) allows us to put this type of ad monetization into practice. This involves the following parameters being shared via an interface with the advertising networks: Advertising ID, IP address, browser, operating system, version, country, city, placement ID and bundle ID. The aim of this transmission of information is to display the best possible advertising material for the user. The SDKs for the advertising networks mentioned may possibly also process personal data, such as advertising ID and IP address, in order to be able to provide that advertising material.

The legal basis for the processing is our legitimate financial interests (Art. 6 paragraph 1 letter f GDPR). As a user, you can switch this form of personalized advertising off at any time in our app settings (opt-out). In such a case, all pseudonymous information is anonymized by us, meaning that only context-related advertising will be shown. You can also deactivate personalized advertising in the settings of your mobile device. In order to do this, please follow the instructions below:

Android

  1. Depending on your device, you can find the Google settings in one of the following locations:
    – In a separate app called “Google settings”
    – Scroll through your main app “Settings” and tap on Google
  2. Tap on “Ads”
  3. Tap on the toggle button next to Opt out of Ads Personalization

iOS

iOS devices use Apple’s Advertising Identifier. Further information on the different options for using this Identifier can be found in the Settings app of your mobile device. This can be found by:

  1. Opening “Settings”
  2. Selecting “Privacy”
  3. Selecting “Advertising”

Here you can choose between specific settings using a toggle button.

Your right to object

In accordance with Art. 21 GDPR, you have the right to object to any processing operations executed that use Art. 6 paragraph 1 sentence 1 letter e or letter f of GDPR as their legal basis.

Your additional rights

As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not, and to what extent, we process personal data about you.
  • You have the right to have us correct your data in accordance with Article 16 GDPR.
  • You have the right to have us delete your personal data in accordance with Article 17 GDPR and Section 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Article 18 GDPR.
  • You have the right, in accordance with Article 20 GDPR, to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.
  • You can exercise your rights by contacting us via our contact information given in our impressum.

Minor’s privacy

The Service is not targeted towards, nor intended for use by anyone under the age of 16. We do not collect personal data from any person we actually know is under the age of 16.

Data protection officer

You can reach our data protection officer at:
Christoph Mahlke, Sieker Landstraße 95, 22927 Großhansdorf

Complaints to government authorities

If you believe that the processing of your personal data constitutes an infringement of the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.  

California residents privacy statement

If you are a California resident, you may be able to exercise different / additional rights granted by California law in relation to the Personal Data / Personal Information about you that we have collected (subject to certain limitations). The CA Residents Privacy Statement can be found below.

To exercise these rights, to opt-out, or for any inquiries regarding how we collect, use, disclose and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”) please contact us via our contact information given in our impressum.
 

California residents privacy statement

Pickedshares California Privacy Rights Statement for Apps

This statement applies to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include certain de-identified or aggregated information, information publicly available in government records, or certain information excluded from the CCPA’s scope. “Personal Information” otherwise means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Sale of Personal Information. We do not sell your Personal Information to third parties. We do share Personal Information with third parties for the business and commercial purposes described in our privacy policy on top of this page, including without limitation advertising and marketing of the Services.

Your California privacy rights. Effective January 1, 2020, as a California resident, and upon your verifiable consumer request, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

Your Right to Know

You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months, upon verification of your identity.

The Right to Request Deletion

You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions. For example, we may retain information needed to resolve disputes, enforce our user agreements, protect our legal rights, and comply with technical and legal requirements and constraints, including tracking compliance with your deletion request.

The Right to Opt-Out of Personal Information Sales

We do not sell your Personal Information to third parties. You have the right to instruct us not to share the personal information we have collected about you to third parties, now or in the future.

The Right to Non-Discrimination

You will not be discriminated against for exercising any of the rights described above. However, if the exercise of your rights limits our ability to retain or process your personal information (for example, a deletion request), we may no longer be able to furnish the Services in the same manner, or at all.

“California Shine the Light Law”

Separate from the rights afforded by the CCPA, California residents that have an established business relationship with us have the right to know how their information is disclosed to third parties for direct marketing purposes under California’s “Shine the Light” law (Civ. Code § 1798.83).

Exercising your CCPA and other rights. You may exercise your California privacy rights described above by contact us via our contact information given in our impressum.

Note: We will need to verify your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not timely provide us with such verification or sufficient detail to allow us to understand and/or respond to requests.

Use of Request Agents. You are permitted to use an authorized agent to submit requests on your behalf where (i) you provide sufficient evidence to show that the requestor is an authorized agent with written permission to act on your behalf and (ii) you successfully verify your own identity with us.

Response Timing. We will respond to a consumer request for information or deletion within 45 days. If we require more time, we will inform you of the reason and revised timing in writing.

Minor Children. We do not sell the personal information of consumers we know to be less than 16 years of age. Children under 16 years of age are not permitted to register.

Updates. We may update this California Privacy Rights Statement from time to time. When we make changes to this California Privacy Rights Statement, we will amend the “Last Updated” date.