Data Protection Declaration for the azernis News App
Our data protection declaration is structured as follows:
- I. Scope of Application
- II. Responsibility for Data Protection
- III. Rights of Users and Data Subjects
- IV. Details on Data Processing
I. Scope of Application
This data protection declaration applies to the azernis News App Android as well as the azernis News App iOS and similar application programs of azernis GmbH. These programs are also referred to as ‘Services’.
Personal data (hereinafter mostly referred to as data) is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly service, including its contents and the services offered there.
According to Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as GDPR), processing refers to any operation or set of operations carried out with or without the aid of automated processes in connection with personal data, such as collection, recording, organization, arrangement, storage, adaptation or alteration, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. Furthermore, we inform you below about the third-party components used by us for optimization purposes and to increase the quality of use, insofar as third parties process data in their own responsibility.
II. Responsibility for Data Protection
- Responsible for data processing is:
- azernis GmbH
- Ahornweg 4
- 33014 Bad Driburg
- The data protection officer is Bernd Paulus, reachable at info@azernis.com.
III. Rights of Users and Data Subjects
With regard to the data processing described in more detail below, users and data subjects have the right
a) to confirmation as to whether data concerning them are being processed, to information about the processed data, to further information about the data processing, and to copies of the data (cf. also Art. 15 GDPR);
b) to correction or completion of incorrect or incomplete data (cf. also Art. 16 GDPR);
c) to immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restriction of processing in accordance with Art. 18 GDPR;
d) to receive the data concerning them and provided by them and to transmit these data to other providers/controllers (cf. also Art. 20 GDPR);
e) to file complaints with the supervisory authority if they believe that data concerning them is being processed by the provider in violation of data protection provisions (cf. also Art. 77 GDPR).
In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider about any correction or deletion of data or the restriction of processing, which takes place pursuant to Articles 16, 17 Para. 1, 18 GDPR. However, this obligation does not exist insofar as this notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Also, according to Art. 21 GDPR, users and data subjects have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purposes of direct advertising is permissible.
IV. Details on Data Processing
In this segment of the data protection declaration, we provide you with comprehensive information about the handling of personal data in the context of our services. To ensure better clarity, we structure this information according to specific functionalities of our services. During regular use of the services, various functionalities and thus different processing operations may be applied sequentially or simultaneously.
Basic Information on Data Processing
For all processing operations described below, unless otherwise stated:
a) Consent
In various situations, you have the option to give us your consent to the processing operations described below (possibly for part of the data). In this case, we will inform you separately about all modalities and the scope of the consent as well as the objectives we pursue with these processing operations in connection with the submission of the respective declaration of consent. The processing operations based on your consent are therefore not listed here again (Art. 13 Para.4 GDPR).
b) No Obligation to Provide & Consequences of Non-Provision
There is no legal or contractual obligation to provide personal data, and you are not obliged to provide data. We inform you during the input process if the provision of personal data is necessary for the respective service (e.g., by marking it as a mandatory field). For required data, non-provision means that the respective service cannot be provided. Otherwise, non-provision may result in our not being able to provide our services in the same form and quality.
c) Transfer of Personal Data to Third Countries
If we transfer data to third countries, i.e., countries outside the European Union, the transfer is carried out exclusively in compliance with the legally defined admissibility requirements. If the transfer of data to a third country does not serve to fulfill our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims, and there is also no exception according to Art. 49 GDPR, we will only transfer your data to a third country if an adequacy decision according to Art. 45 GDPR or appropriate guarantees according to Art. 46 GDPR exist.
d) Hosting by External Service Providers
A large part of our data processing is carried out with the involvement of so-called hosting service providers who provide us with storage space and processing capacities in their data centers and process personal data on our behalf according to our instructions. For all functionalities mentioned below, it may happen that personal data is transferred to hosting service providers. These service providers process data either exclusively in the EU or we have ensured an adequate level of data protection through the EU standard data protection clauses.
e) Storage Duration
In the section Storage Duration, it is indicated how long we use the data for the respective processing purpose. After this period, the data will no longer be processed by us but will be deleted at regular intervals unless continued processing and storage are legally provided for (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims) or you give us consent beyond that.
f) Transfer to Government Authorities
We transfer personal data to government authorities (including law enforcement agencies) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 lit. c) GDPR) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 Para. 1 lit. f) GDPR).
g) Designations of Data Categories
In the following sections, the following summary category designations are used for certain types of data:
Account data: Login/user identification and password
Personal master data: Title, salutation/gender, first name, last name, date of birth
Address data: Street, house number, possibly address additions, postal code, city, country
Contact Information: Phone number(s), Email address(es)
Registration Information: Information about the service you have registered for; times and technical information regarding registration, confirmation, and deregistration; data provided by you at the time of registration
Access Data: Date and time of your visit to our service; pages accessed and content used during your visit; session identification data (Session ID); additionally, the following information of the accessing computer system: used Internet Protocol address (IP address), browser type and version, device type, operating system, and similar technical information.
1. Processing of Personal Information when using our App
When using the mobile app, we process the personal information listed below about you, primarily to enable a pleasant use and to ensure the stability and security of the mobile app.
a) Purpose of data processing and legal basis as well as any legitimate interests, storage duration
Data Category: IP address; Operating system; Date and time of the request; Time difference to Greenwich Mean Time (GMT); Access status/HTTP status code; Content of the request; Device ID, Device type, device-specific settings and app settings as well as app properties, the amount of data transferred and the message whether the data exchange was complete, crash of the mobile app; MAC address for WLAN use; Name of your mobile device
Purpose: When using the mobile app, we process the above-mentioned personal information to make the technical use of the functions of our mobile app comfortable. In addition, we process the aforementioned data to ensure the stability and security of our mobile app. Legal basis: Art. 6 para. 1 lit. f) GDPR
Legitimate interest pursued by us: Proper provision of the functionalities of the mobile app as well as ensuring the stability and security of the mobile app.
Storage duration: We delete your personal information as soon as it is no longer needed for the purposes for which we process it. As a rule, we store your personal information per use of the mobile app for a period of up to twelve months after the end of the respective usage process. However, storage beyond the specified time may occur in the event of a (threatening) legal dispute with you or another legal procedure. Third parties commissioned by us (see under b)) will store your data on their system for as long as it is necessary in connection with the provision of the service for us according to the respective order. Legal requirements for the retention and deletion of personal information remain unaffected by the above (e.g., § 257 HGB or § 147 AO). When the storage period prescribed by legal regulations expires, the personal information is blocked or deleted, unless further storage by us is necessary and there is a legal basis for it.
b) Recipients of personal information
Recipient category: It may happen that we resort to commissioned service providers for individual functions of our mobile app. Like any larger company, we also use external service providers to handle our business transactions (e.g., in the areas of IT, logistics, telecommunications, sales, and marketing). These only act according to our instructions and have been contractually obliged according to Art. 28 GDPR to comply with data protection regulations. In addition; service providers for the operation of our mobile app and the processing of the data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 lit. b or lit. f GDPR, as far as it is not about order processors. Government agencies/authorities, as far as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 lit. b GDPR or lit. f GDPR.; Persons employed to conduct our business operations (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Art. 6 para. 1 lit. b GDPR or lit. f GDPR. Affected data: Depending on the service provider, various personal information according to the data categories specified under a) can be transmitted.
Legal basis: The legal basis for the transfer of your personal information to service providers for the operation of the mobile app is Art. 6 para. 1 lit. b or lit. f GDPR, as far as it is not about order processors. The legal basis for the transfer of your personal information to government agencies or authorities is Art. 6 para. 1 lit. c GDPR in conjunction with the respective relevant legal basis. The legal basis for the transfer to persons we need to conduct our business operations is Art. 6 para. 1 lit. b or lit. f GDPR.
2. Customer Feedback or Contacting Customer Service
Below we explain the processing of your personal information when you contact us with inquiries.
a) Purpose of data processing and legal basis as well as any legitimate interests, storage duration
Data Category: Personal master data; Contact data; Contents of inquiries/complaints
Purpose: Processing of customer inquiries and user complaints
Legal basis: Art. 6 para. 1 lit. b) and f) GDPR
Legitimate interests pursued by us: Service improvement; Customer loyalty
Storage duration: Duration of processing the request
3. Push Notifications via the Application
Below we explain the processing of your personal information when you subscribe to so-called push notifications via our services. You can activate or deactivate these push notifications at any time.
a) Purpose of data processing and legal basis as well as any legitimate interests, storage duration
Data Category: Browser ID, Device ID or Firebase Installations IDs, time of registration
Purpose: Delivery of push messages at the users request, documentation, and statistical evaluation of user registration
Legal basis: Art. 6 para. 1 lit. a) or b) GDPR
Storage duration: Duration of the subscription to push notifications
Legitimate interests pursued by us: Service improvement
We use Google Firebase: Cloud Messaging for push notifications in our services. This is a tool including infrastructure for sending push notifications in mobile applications. The Firebase installation IDs are transferred to Firebase servers and processed there. Firebase belongs to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Further information about Firebase can be found athttps://firebase.google.com/support/privacy.
4. User Analysis and Tracking
In our services, we use Plausible. This is a web analysis service of Plausible Insights OÜ Västriku tn 2, 50403, Tartu, Estonia, hereinafter referred to as Plausible. The service Plausible is used to analyze the usage behavior of our services. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our services. Usage and user-related information, such as IP address, location, time, or frequency of your visit to our application, are transmitted to a server of Plausible and stored there. All data remains in the EU. The data collected in this way is used by Plausible to provide us with an evaluation of the visit to our service and the usage activities there. This data can also be used to provide further services related to the use of our website and the use of the service. Plausible states that it does not store any personal data. Furthermore, Plausible provides further data protection information for you at https://plausible.io/data-policy.
5. Processing of Personal Information in the Context of Downloading Our Mobile Application
Upon downloading the mobile application, certain necessary personal information regarding your person is transmitted to the respective app store (for example, Apple App Store or Google Play). In particular, your username, your email address, and customer number of your account, the time of the download, payment information as well as the individual device identification number are transmitted. In addition, the app store independently collects various data and provides analysis results. We have no influence on this data collection and assume no responsibility for it. We only process the data to the extent necessary for the download of the mobile application onto your mobile device.
In parts from the sample privacy policy of the law firm Weiß & Partner.