Privacy policy for our app

Last updated: 10/04/2021

This privacy policy applies to our mobile iOS and Android App VANATU ("App", "Services").

1. General Information

The responsible party ("we", "us") for the Services within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions of data protection law is:

relayts UG (haftungsbeschränkt)
Beskidenstr. 18A
14129 Berlin
Germany

+49 174 8826549
info@relayts.com
www.relayts.com

2. Data we collect and process

2.1 Information and content provided by you

2.1.1 Required Information

  • Name: Your name is displayed in your public profile and in private chats to represent you.

  • Profile picture: Your profile picture will be displayed in your public profile and in private chats to represent you. Once you add photos from your device, you can allow us to access your camera and photo album.

  • Interests: Your interests will be displayed on your public profile to represent you.

  • Age: By entering your age, we check whether you are at least 18 years old and are allowed to use the app.

We delete this data when you delete your user account. The legal basis of the processing is Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract).

2.1.2 Additional information:

  • Additional profile information: When editing your public profile, you can provide additional information to complete your profile ("About me", "My work", "My education", "Languages I speak", "Where I live", "I'm from", "Vaccinated against COVID").

  • Notification settings: To ensure that you only receive the push notifications that you are interested in, we collect your notification settings, which you can adjust in the settings.

We delete this data when you delete your user account. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract).

2.1.3 Location data

For the timeline functionality (see 2.3.3), we collect, if you allow us to do so, your exact location data based on various location data based on different methods depending on your mobile device, such as GPS, WLAN or Bluetooth. The location data may be collected in the background, if you have expressly allowed us to do so, even if you do not use the mobile services.

Your current location, if you have allowed it to be collected, will be sent to our back-end system on a regular basis where it will be processed.

We delete your latest location when you delete your user account. We delete past locations at the latest after 14 days. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract).

2.1.4 Processing of special categories of personal data

Certain data that you voluntarily provide to us may be considered in jurisdictions as "processing of special categories of personal data" (Art. 9 GDPR). For example, data about your religious beliefs, sexual orientation, your health, your ethnic origin or nationality, your political opinions, your philosophical beliefs, your health. By choosing to provide this data, you consent to our processing of this data.

We delete this data when you delete your user account. The legal basis for the processing is your consent in accordance with Art. 9 Para. 2 lit. a DSGVO.

2.2 Additional data which are processed through the use of the app

2.2.1 Downloading the app from the app stores

When downloading the app, required information is transferred to the respective app store. Depending on the app store, the data record may contain, for example: user name, e-mail address, customer number at the app store, the time of the download and the individual device ID. We have no influence on this data connection. The operator of the respective app store is responsible for this. We only process the data that is necessary to download the app to your device.

The processing of this personal data is necessary so that you can install the app on your device. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

2.2.2 User account data

When you create a user account or log in to the app, random login data is generated which is assigned to your user account. account. All of your personal data is associated with this login data.

On Android, the login data is stored on your device. If you uninstall the app or delete your user account, the login data will be deleted.

On iOS, the credentials are stored in your iOS keychain. If you uninstall the app, the login data will still be stored in your keychain. This means that you still have access to your user account after a reinstallation. If you delete your user account, the login data will be deleted from your keychain.

You can find more information about Apple's privacy policy here.

We delete this data when you delete your user account. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract).

2.2.3 Event data

  • Timeline: Your current location is used to check whether you are in the immediate vicinity of other users. If you are in close proximity to other users, we store the encounter ("timeline event"), to display it in your Timeline and the Timeline of the other user(s). If you deactivate your location in your profile settings, you will no longer be visible and your location data will no longer used to create timeline events. Timeline events are deleted automatically after 14 days based on the last encounter.

  • Likes & matches: We process your likes and matches to display users you have liked and matched with.

  • Messaging: To display chats we process messages you have with other people and the information if you have already read a message.

  • Blocked users: To prevent users you have blocked getting displayed in the app, we keep a list of users you have blocked.

We delete this data when you delete your user account. The legal basis of the processing is Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract).

2.2.4 Analysis of usage behaviour

We collect information about how you use the app. For example, we collect the time of your registration, time of last login, failed login and registration attempts. We do this to analyse user behaviour for improvements to the app and to ensure security.

We delete this data when you delete your user account. The legal basis is our legitimate interest according to Art. 6 para. 1 lit. f DSGVO.

2.2.5 Device information

Each time our app is called up, we automatically collect data and information from the calling device. This data is stored in so-called log files. The log files enable us to track the activities on our app and identify errors. The legal basis for the temporary storage of the data and the log files is our legitimate interest in providing and improving our services in accordance with Art. 6 Para. 1 lit. f DSGVO.

The following data is collected by default from the mobile device you are using, transmitted to us and deleted after ninety days at the latest:

  • IP address
  • Name of the website accessed, file, date and time of the request
  • Information on browser type, version and language
  • operating system
  • requesting provider
  • amount of data transferred
  • previously visited website (referrer URL)

In addition, we process the following further data:

  • Country code: In order to present the app in your preferred language, we collect the country code (system language) from your device. The legal basis is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. If you uninstall the app, the country code is no longer processed by the app.

  • Push handle: After creating your user account or after successful login, we collect the push handle of your device so that you can receive push notifications. On Android, push notifications are automatically enabled. On iOS, you have to confirm that you want to receive these messages. All notification options can be turned on or off later in the app settings and your device settings. We delete this data when you delete your user account. The legal basis for the processing is Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract).

2.2.6 Crash notifications

Because we want to improve the stability and reliability of the app, we rely on anonymised crash reports. These reports do not contain any personal data.

  • Android: If you voluntarily agreed to submit crash notifications to Google when setting up your device, after an app crash, the information (state of the app at the time of the crash, manufacturer, operating system, stack trace/stack memory trace and latest log messages) will be send to us.

  • iOS: If you voluntarily and explicitly agree to the transmission of a crash report after a crash of the app, the crash report (state of the app at the time of the crash stack trace, timestamp of the start and crash, the list of software libraries loaded in memory) will be sent to us.

The legal basis is our legitimate interest in improving our services pursuant to Art. 6 (1) lit. f DSGVO.

2.2.7 Feedback function

We regularly collect feedback from all users in order to improve our app. For each feedback survey, you decide for yourself whether you want to volunteer or refuse to complete the survey. To ensure that you only receive each survey once, we keep a record of whether you complete or decline a survey. If you have provided voluntary feedback, we record this to help us understand how we can improve our app and whether our improvements have been successful. have been successful.

We delete this data when you delete your user account. The legal basis is our legitimate interest in improving our services in accordance with Art. 6 Para. 1 lit. f DSGVO.

2.3 Support chat or email enquiries, reporting function

If you contact us (e.g. via the support chat or the report function within the app as well as outside the app by e-mail), your request including all personal data resulting from it (e.g. user account data, name, content of the request) will be collected and used by us for the purpose of processing your request. (e.g. user account data, name, content of the request) will be collected and used by us for the purpose of answering your request. The processing of this data is carried out on the basis of Art. 6 Para. 1 lit. b DSGVO, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. . In all other cases, the processing is based on our legitimate interests (Art. 6 para. 1 lit. f DSGVO), as we have legitimate interest in the effective in the effective processing of the enquiries sent to us. The data you send to us per contact request will remain with us until you ask us to delete it or the purpose for storing the data no longer exists (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

If you want to delete the data before the processing is completed, you can revoke the processing via the support chat in the app or by e-mail to support@vanatu.app.

How do we share your data?

3.1 Service providers and partners

We work with external partners who help us to provide our services. When using external service providers (processors), we ensure that contracts with the service providers to ensure that the data processing complies with German and European data protection standards.

The legal basis for the transfer is Art. 28 DSGVO.

3.1.1 Hosting

For the provision of our app and our backend systems, we work with external service service providers, such as Netcup GmbH (Daimlerstraße 25 76185 Karlsruhe, Germany) and Amazon Web Services, Inc. (410 Terry Avenue North Seattle WA 98109 United States). The data is stored on servers within Europe.

3.1.2 E-mail provider

We manage emails we receive from you via hello@vanatu.app, support@vanatu.app or info@relayts.com using with Microsoft Office 365 from Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399 USA). The data is stored on servers within Europe.

3.1.3 Push notifications

We use the Amazon Web Services (AWS) service for push notifications. Amazon Web Services uses the services Firebase Cloud Messaging by Google on Android and Apple Push Notifications on iOS. Firebase and Apple serve only as transmitters.

You can deactivate the sending of push notifications in the settings. This means that no data is sent to AWS and Firebase and Apple as part of the push notifications.

4. How long do we store your data?

We only store your personal data until the purpose for storing the data no longer applies or you request us to delete it. Although your user account will no longer be visible to anyone after deletion, it may take up to 14 days for all of your data to be completely deleted.

If there is a legal obligation to retain the data or another legally recognised reason to retain the data (e.g. interest in preserving evidence - especially in the event of potential legal disputes), we will The personal data concerned will not be deleted until the respective reason for retention no longer applies.

5. How do we protect your data?

The app uses SSL encryption for the security and transmission of confidential content. The encryption prevents transmitted data from being read by unauthorised third parties.

We make all efforts to protect your personal data from unauthorised access, modification, disclosure or destruction. or destruction. However, we would like to point out that data transmission on the Internet can have security gaps. A complete protection of data against access by third parties is not possible.

If you believe that your user account or your data is no longer secure, please inform us immediately.

6. When will the privacy policy change?

It is important to us that we constantly improve the privacy policy as well as the app. Therefore, we will occasionally update the privacy policy and we reserve the right to change this privacy policy at any time in compliance with the law.

We will always notify you before any material changes take effect so that you have time to review the changes.

7. Your rights

We want you to be aware of your data protection rights (according to DSGVO). We would like to inform you at this point:

Right to object to data collection in specific cases

If the data processing is based on Art. 6 (1) lit. f DSGVO, you have the right to object to the collection of the personal data concerned at any time for reasons based on your particular situation; this also applies to profiling on the basis of these provisions. The respective legal bases on which processing is based can be you can find in this privacy policy. If you object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing. If you object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The right of appeal is without prejudice to other administrative or judicial remedies.

Information, deletion and correction

You have the right to receive at any time, free of charge, information about your stored personal data (Art. 15 DSGVO), its origin and recipient and the purpose of the data processing, as well as the right to have this data corrected or deleted (Art. 17 DSGVO). You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data (Art. 18 DSGVO). To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

  • If the processing of your personal data was / is unlawful, you can request the restriction of data processing instead of deletion.

  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

  • If you have objected in accordance with Article 21(1) of the GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format (Art. 20 DSGVO). If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.