Stand: 10.10.2022
Data protection is a priority for us. With this privacy policy, we would like to inform you how we process your personal data when you use the Vogel IT Akademie-App (hereinafter “app”) and the services offered there.
Content
Controller and privacy officer
Purposes and legal basis for the processing of personal data
Which personal data is being processed?
Which personal data are processed during download and installation of our apps?
Which access permissions for features of your device are required to use our apps?
Storage duration of your personal data
Can the processing of personal data or this privacy policy change?
Controller and privacy officer
Vogel IT-Medien GmbH (hereinafter “Vogel“), Max-Josef-Metzger-Straße 21, 86157 Augsburg, is responsible for processing of personal data within the scope of the app and the services offered via said app in accordance with EU General Data Protection Regulation (“GDPR”).
For questions or comments on the topic of data protection, please contact Vogel’s privacy officer (address: see above, e-mail: datenschutz@vogel.de).
Purposes and legal basis for the processing of personal data
As part of our range of services we process your personal data in order to be able to offer customer-oriented services. Wherever possible, we give you the opportunity to decide for yourself, which data you would like to share with us. Additionally, we process your personal data to be able to offer the app and for registration within the app so you can use the app and the services offered within it on your mobile device.
We process your data for the purposes mentioned below on the legal basis provided for each case.
For the app to be permitted to access your device and for some processing purposes via the app, we require your consent which you will be prompted to give separately. In these cases, data processing will occur in accordance with art. 6, sec. 1, lit. a, GDPR. For example, this is the case when we send push-notifications via the app, or when we share your data via the app with other participants of the event you are also registered to (data sharing). For further information, please see sections push-notifications or data sharing.
You can revoke your respective consent at any point with effect for the future. Information on this can be found in the Your Rights section and the following sections, specifically detailing consent-based processing (e.g. Push-notifications, or data sharing).
If a contract is concluded between you and us, we will process your data for the purpose of fulfilling this contract on the basis of art. 6, sec.1, lit. b, GDPR. In particular, this is necessary for the following purposes:
- Purchasing products or services on the basis of a contractual arrangement with you.
- Login and registration to events of Vogel IT Akademie using the app. In this case, we process your personal data to support the participants of our events with planning, registration, participation, and the follow-up of an event, and to provide them with all necessary and useful information.
- Use of features available on the app.
- Processing and invoicing in case you use one of our charged offers.
For cases other than above, processing is based on the requirement to protect our legitimate interests in accordance with art. 6, sec. 1, lit. f, GDPR, specifically to offer customer-oriented services and to promote same or similar products of our product portfolio. In these cases, processing occurs for the following purposes:
- Advertising products and offers to better provide users or customers with information tailored to their interests and needs.
- Demand-oriented design of our offer via the app and the services offered there.
- Ensuring the security of our own IT systems, the optimization, and the functionality of the app by saving technical usage data in log files.
Generally, you have a corresponding right to object if the processing takes place on the basis of our legitimate interests (see Your rights section below). There is no right to object in the case of the collection of technical usage data for the display of our websites and the storage of this data in log files for the purposes listed in this section.
We are legally required to collect and process certain data. In this case, art. 6, sec. 1, lit. c, GDPR applies. This is the case, if, for example, we are obligated to transfer data, e.g. to law enforcement on the basis of a legal obligation or if we have to store data for a certain period of time on the basis of legal regulations such as commercial or tax regulations.
The app does not feature cookie-based processing.
Which personal data is processed?
We process the data that we need for the purposes stated in this privacy policy.
The following data is processed via the app:
Registration data on you as user of the app and participant in an event (requested at registration/login):
- First and last name
- Address
- Company
- Company role
- password
- Phone number
- Profile picture (optional)
- …
We save this data on the app ourselves and then forward a booking code for the app to be unlocked for the booked event.
Content data:
- Pictures
- Messages
- Posts
- Websites
- Push-notifications (see also section Push-notifications)
Geolocalization (see also section Geolocalization)
- Your location
Technical usage data
- IP-address
- User-agent
- Operating system version of your device
- App version
- Time zone
- Users logged in via the app
This data is automatically transferred when using the app. This data is vital for us to optimally present our services in the app on your device.
If you are registered event participant, we additionally store all accounting data that we need to invoice our services, potentially including your bank details, your conditions with us, and tax-related data.
Which personal data is processed during download and installation of our apps?
Via Google’s Play Store (Android-compatible devices)
In order to use our apps on your Android device (e.g. Android smart phone or Android tablet), downloading and installing the app onto your device via Google’s Play Store is required. For this, you need to be logged into your Google user account by providing your user name (your e-mail address) and your password.
Google might collect and process data via the Play Store. Further information on purpose and scale of data collection, and on further processing and use of your data in the Play Store by Google can be found in Google’s privacy policy. This is available online at: https://policies.google.com/privacy?hl=en&gl=de Here, you can for instance find information on settings to protect your privacy, and on your further rights regarding the collection, processing, and use of your data by Google. Further information on the use of Google Play Store can be found in the Play Store terms of us, available online at https://play.google.com/intl/en_uk/about/play-terms/.
Via the App Store or iTunes
In order to use our apps on your iOS device (e.g. iPhone, iPod, or iPad), downloading and installing the app onto your device via Apple’s Apps Store (or via iTunes for Mac) is required. For this, you need to be logged in at the App Store with your Apple user account by providing your Apple-ID (usually your e-mail address) and your password. Apple might collect and process data via the app Store. Information on purpose and scale of data collection, and on further processing and use of your data by Apple can be found in Apple’s privacy policy. This is available online at https://www.apple.com/legal/privacy/en-ww/. Here, you can for instance find information on settings to protect your privacy, and on your further rights regarding the collection, processing, and use of your data by Apple. Further information regarding the use of the App Store, iTunes, and other Apple online services can be found in the Apple terms of use online at: http://www.apple.com/legal/internet-services/itunes/us/terms.html.
Which access permissions for features of your device are required to use our App?
When installing and using the app, only permissions are requested that are essential for the app to work:
- Camera: Runtime permission
- ACCESS_FINE_LOCATION: Runtime permission (to display your location in the Google Maps image)
- WRITE_EXTERNAL_STORAGE, READ_EXTERNAL_STORAGE: Runtime permission (to upload a photo or a file in the app)
- INTERNET: Normal permission (base-functionality, required for connection to event server)
- VIBRATE: Normal permission – (to activate QR scanner)
- com.sec.android.provider.badge.permission: Normal permission (to display the app icon)
- android.permission.ACCESS_NETWORK_STATE: Normal permission (to check network/internet connection status)
- com.google.android.c2dm.permission.RECEIVE Normal permission (to receive push-notifications on Android devices; this is a runtime permission for iOS devices)
- com.google.android.providers.gsf.permission.READ_GSERVICES: Normal permission (required for access to Google Maps and other services of Google Play Store)
If you consent to the access permissions and accesses during or after installation of the respective app, you thereby give us consent to these accesses to your device. The legal basis for processing is art. 6, sec. 1, lit. a (GDPR). Purpose of data processing via certain access permissions to your device is the technical operation and the use of the respective app and all included features. You can set access permissions and revoke any consent given separately and individually for each app using the settings of your device. Please note that the app will no longer run properly or at all if you do not grant certain access permissions via the settings.
Storage duration of your personal data
We store your data as long as required in order to provide our services, meet contract obligations, or if we have a legitimate interest in longer storage.
If processing is based on your consent or on one of our legitimate interests, the data concerned will no longer be processed for the associated purpose after your revocation or objection has been receives and will be deleted if necessary, excluding legal grounds for data storage. Regardless, data stored on the basis of commercial or tax law will only be deleted after the statutory periods have expired. With the regular limitation period being three years, the duration of storage also depends on statutory limitation periods, which can be up to thirty years, for example according to §§ 195 ff. of the German Civil Code (BGB).
Under certain circumstances, your data must also be stored longer, e.g. if, in case of official or legal procedures, data deletion is prohibited for the duration of the procedure.
Recipients of data
Order processing
We sometimes hire service providers to help us process personal data on our behalf. We have bound these service providers to us by an order processing contract in such a way that they may only process the data for our business purposes and on our instructions. These service providers primarily include technical service providers (including affiliated companies) for the maintenance, hosting, and support of our IT infrastructure including this app and our website, as well as service providers for mailings, lead campaigns, and other marketing measures.
Transfer of your data to third parties
Transfer of your data to third parties only occurs given a legal basis or your express consent. The purpose of the app is to facilitate contact between participants of the same event and thus requires your data to be transferred. However, your express consent to this transfer of data is required (see section data sharing).
Transfer of data to third countries
Generally, we do not transfer your data to other countries or third countries (countries that are neither members of the European Union nor of the European Economic Area) or to international organizations. Exceptionally, data may be transferred to third countries if this is necessary to provide services to you, if it is required by law, or if we have your consent. Some of the service providers that process personal data on our behalf are located in third countries that do not offer the same level of protection for your personal data as in the EU, due to – amongst others – the lack of laws, lack of rights, or lack of supervision in said countries. Some recipients, especially the providers of social media channels or registered users who process your data, are also located in said third countries. Personal data is only transferred to said third-countries outside of the EU if the European Commission has adopted a so-called adequacy decision in this regard (art. 45, sec. 3, GDPR) (see here ) or if safeguards in accordance with article 46 GDPR are in place, in particular standard data protection clauses issued by the European Commission in accordance with article 46, sec. 2, lit. c, GDPR (see here). You can obtain a copy of these upon request (e.g. by e-mail) – for contact details see section controller and privacy officer above or https://support.vogel.de.
Information on possible transfers of your data to third countries can also be found in the privacy policies of the recipients that make transfers to third countries.
Your Rights
Provided that the legal requirements are met, you as a data subject are entitled to the following rights in accordance with articles 12 to 21 GDPR.
Information:
You have the right to request information about your personal data stored and the scope of our data processing and transfer and to receive a copy of your stored personal data.
Rectification:
You have the right to request without delay the rectification of personal data concerning you and stored about you, if this data is incomplete or incorrect.
Erasure:
You have the right to demand the immediate erasure of your personal data stored by us if the legal requirements are met. This is particularly the case if your personal data are no longer needed for the purposes for which they were collected; the legal basis for data processing was solely your consent which you since have revoked; you have objected to processing on the basis of legitimate interests (art. 6, sec. 1, lit. f, GDPR) for personal reasons and we are unable to prove that there are overriding legitimate reasons for processing; your personal data have been processed unlawfully; or your personal data must be erased to comply with laws and regulations. If we have passed on your data to third parties, we will inform them about the erasure, within the scope required by law. Please note the restrictions regarding your right of erasure. For example, we are not allowed to erase data that we are required to retain by law. Data that we need to assert, exercise, or defend legal claims are also excluded from your right of erasure.
Restriction of processing:
You have the right to request restriction of processing if one of the following conditions is met: You dispute the accuracy of the personal data, and we need to verify the accuracy of the personal data. The processing is unlawful, you object to the erasure of personal data and instead demand the use of personal data be restricted. Whereas we no longer need your personal data for the purposes of processing, you need the data to assert, exercise, or defend legal claims. You have filed an objection to the processing, and it is yet to be determined whether our legitimate reasons override yours. In the event of a restriction of processing, the data will be blocked centrally and – apart from your own copies – processed only with your consent or for the purpose of asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the EU or an EU Member State.
Data transferability:
If we automatically process the personal data you have provided to us on the basis of your consent or a contract with you (including your employment contract), you have the right to receive the data in a structured, common, and machine-readable format and to transfer this data to another controller without our interference. You also have the right to request direct transfer of personal data to another controller, given technical feasibility.
Objection:
If we process your personal data for legitimate interests or in the public interest, you have the right to object to the processing of your data for personal reasons. Furthermore, you have an unlimited objection right if we process your data for our direct advertising. Please see our separate note in the section “Your right of objection” below.
Revocation of consent:
If you have given your consent to the processing of your personal data, you can revoke this consent at any time. Please note that the revocation is only effective for the future. Processing prior to the revocation is not affected. Specific information on how you may revoke your consent can be found in our online offers when your consent is specifically requested and in the following sections of this privacy policy:
- Data Sharing
- Push-Notifications
- Geolocalization
Complaints:
Additionally, you have the right of lodging a complaint with a supervisory authority in accordance with Art. 77 GDPR, § 19 Bundesdatenschutzgesetz (BDSG), if you believe that your personal data is being processed unlawfully. The right of complaint is independent of any other administrative or judicial remedy.
Your right to object
Based on your personal situation, you have the right to object to the processing of your personal data which is carried out on the basis of article 6, sec. 1, lit. f GDPR at any time, including profiling based on these provisions.
We will no longer process your personal data unless we can provide compelling reasons worthy of protection for processing which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of said marketing, including profiling related to said direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes. You may exercise your right to object in connection with the use of information society services by means of automated procedures involving technical specifications, regardless of directive 2002/58/EC.
To exercise your rights, you can contact the controller. The contact details can be found in section Controller and Privacy Officer or by using the contact form https://contact.vogel.de/en.
Can the processing of personal data or this privacy policy change?
We constantly monitor the handling of personal data based on privacy regulations and make adjustments if necessary. Please take regular note of our privacy policy which presents the current status of our handling of personal data. Any changes will be announced here as well as in your user account. In the case of contractual changes, which affect e.g. the processing of your data for the fulfillment of the contract and the personalization of our offer, we will additionally inform you separately via e-mail.
Other special processing
Data Sharing
The primary purpose of the app is to enable you to contact participants of the same event that you also participate in, to facilitate exchange of data especially for potential business contacts. For this, the following data are displayed in your app profile in the app.
- Name
- Company name
- Company role
Once you accept the contact request of another participant, more data from your app profile becomes accessible:
- Phone number
The data mentioned above are only processed given your consent which you may provide in the app after your first log in and initial use of the app.
You may revoke your given consent at any point; for this, simply stop using the app and uninstall it from your device.
Push-Notifications
When you have the app installed and use it, we can send push-notifications to your mobile device. This occurs only given your prior consent which we request from you upon your initial us of the app. For access permissions required for push-notifications, please see section “which access permissions for features of your device are required to use our apps?”
The legal basis for push-notifications is art. 6, sec. 1, lit. a (GDPR). You can turn off push-notifications at any point by blocking or disabling push-notifications in the app settings of your device Revocation does not change the lawfulness of data processing that occurred up to the time of revocation.
Chat-Feature
The app features a chat feature which allows you to contact other participants and enables you to communicate with them using the app. For this, only technically required usage data are processed.
If you share personal data in the chat with your communication partner, this happens at your own responsibility. We process this communication data based on art. 6, sec. 1, lit. b (GDPR) as the provision of the chat feature is required for us as a contractual obligation for fulfilling the usage contract with you.