Hoodie Hoo Agency GmbH
Max-Keith-Straße 29
45136 Essen
GERMANY
1. Introduction
Below we inform you about the processing of personal data when using our mobile app (hereinafter only "App").
Personal data includes all data that can be related to a specific natural person, e.g. their name or IP address.
1.1. Contact details
The controller within the meaning of Art. 4 (7) EU General Data Protection Regulation (GDPR) is Hoodie Hoo Agency GmbH, Max-Keith-Straße 29, 45136 Essen, Germany, Email: hello@hoodiehoo.com. We are legally represented by Johannes Kautz.
Our data protection officer is the heyData GmbH,
Kantstr. 99, 10627 Berlin, www.heydata.eu,
Email: datenschutz@heydata.eu.
1.2. Scope of data processing, processing purposes and legal bases
We provide detailed information on the scope of data processing, processing purposes, and legal bases. The following legal bases generally apply to data processing:
● Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
● Art. 6 (1) sentence 1 lit. b GDPR is the legal basis in cases where the processing of personal data is necessary for the performance of a contract, e.g. when a user purchases a product from us or we provide a service for them. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.
● Art. 6 (1) sentence 1 lit. c GDPR applies when we fulfill a legal obligation through the processing of personal data, as may be the case in tax law, for example.
● Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis when we rely on legitimate interests for the processing of personal data, e.g. for cookies necessary for the technical operation of our website.
1.3. Data processing outside the EEA
Where we transfer data to service providers or other third parties outside the European Economic Area (EEA), we ensure the security of the data during the transfer, as far as adequacy decisions of the EU Commission are available (e.g. for Great Britain, Canada, and Israel) pursuant to Art. 45 (3) GDPR.
If no adequacy decision exists (e.g. for the USA), the legal basis for data transfer is typically, unless we provide a different indication, standard contractual clauses. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 (2) lit. b GDPR, they ensure the security of the data transfer. Many of the providers have given contractual guarantees beyond the standard contractual clauses, protecting the data beyond the scope of these clauses. These include guarantees regarding data encryption or obligations of the third party to notify data subjects if law enforcement authorities want to access data.
1.4. Storage period
Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose and there are no legal retention obligations preventing its deletion. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons.
1.5. Rights of the data subjects
Data subjects have the following rights regarding their personal data concerning them:
● Right to information,
● Right to correction or deletion,
● Right to restriction of processing,
● Right to object to processing,
● Right to data portability,
● Right to revoke consent at any time.
Data subjects also have the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data.
1.6. Obligation to provide data
Customers, interested parties, or third parties are only required to provide us with personal data necessary for the establishment, execution, and termination of the business relationship or other relationship, or which we are legally required to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or we will no longer be able to carry out an existing contract or other relationship.
Mandatory information is marked as such.
1.7. No automated decision-making in individual cases
In order to establish and conduct a business relationship or other relationship, we generally do not use fully automated decision-making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately if this is required by law.
1.8. Contact
When contacting us, e.g. by email or telephone, the data provided by us (e.g. names and email addresses) will be stored by us in order to answer questions. The legal basis for processing is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR) in answering inquiries addressed to us. We delete the data collected in this context after storage is no longer necessary, or we restrict processing if there are legal retention obligations.
2. Data processing in the App
2.1. Downloading the App
Our app is available for download in Apple's App Store and Google's Play Store (hereinafter "Stores"). When users download the app, the necessary information is transferred to the stores, including the username, email address, and customer number of the account, time of download, payment information, and the individual device identifier. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to the user's mobile device.
2.2. Hosting
Our app is hosted by the provider Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (Privacy Policy: https://aws.amazon.com/de/privacy/?nc1=f_pr.). The provider processes personal data transmitted via the app, e.g. content, usage, meta/communication data, or contact details. It is our legitimate interest to provide an app, so the legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR.
2.3. Informational use of the App
When users use our app, we collect the data that is technically necessary for us to offer users the app's functions and ensure stability and security. This is our legitimate interest, so the legal basis is Art. 6 (1) sentence 1 lit. f GDPR.
The data processed in this respect includes:
● IP address
● Date and time of the request
● Time zone difference to Greenwich Mean Time (GMT)
● Content of the request (specific page)
● Access status/HTTP status code
● Amount of data transferred in each case
● Browser
● Operating system and its interface
● Language and version of the browser software
2.4. Access to functions or data
The app requests the user's access to functions of the device or to the device's data in order to execute the app's functions. By granting access, the user consents to the associated data processing, so the legal basis is Art. 6 (1) sentence 1 lit. a GDPR. Users can revoke their consent at any time by ending the access in the device settings. The revocation does not affect the lawfulness of the processing until the revocation.
The functions or data processed in this respect are:
● Camera
● existing photo recordings
● Sending notifications
2.5. Data processing for the provision of functions
In the app, we process data to provide users with the app's functions. The legal basis for processing is the user agreement concluded with the user for the app.
The data processed in this respect is the Universal Unique Identifier of the device (UUID).
2.6. User account
Users can open a user account in the app. We process the data requested in this context in order to fulfill the user agreement concluded regarding the account, so the legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR.
2.7. Single Sign-On
Users can log into our app using one or more single sign-on methods, using the login details already created for a provider. The condition is that the user is already registered with the respective provider. When a user logs in using a single sign-on method, we receive information from the provider that the user is logged in with the provider, and the provider receives information that the user is using the single sign-on method on our website. Depending on the user's settings in their account on the provider's page, the provider may provide us with additional information. The legal basis for this processing lies in the user agreement between the user and the provider.
Providers of the offered procedures are:
● Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (Privacy Policy: https://www.apple.com/legal/privacy/de-ww/).
● Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Privacy Policy: https://policies.google.com/privacy).
2.8. Purchase of goods
We offer the purchase of goods through our app. In the ordering or shipping process, we involve the following service providers, who only receive the respective necessary personal data for the provision of a service. The processing of the data is carried out to fulfill the contract concluded with the respective user (Art. 6 (1) sentence 1 lit. b GDPR).
2.9. Payment service providers
For payment processing, we use payment processors who are themselves data controllers within the meaning of Art. 4 No. 7 GDPR. If they receive the data and payment data entered by us in the ordering process, we fulfill the contract concluded with our customers (Art. 6 (1) sentence 1 lit. b GDPR).
These payment service providers are:
● American Express Europe S.A.
● Apple Inc., USA (for Apple Pay)
● Mastercard Europe SA, Belgium
● PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
● Stripe Payments Europe, Ltd., Ireland
● Visa Europe Services Inc., United Kingdom
3. Changes to this privacy policy
We reserve the right to change this privacy policy with effect for the future. The current version is available here at all times.
4. Questions and comments
For questions or comments regarding this privacy policy, contact us at the above-mentioned contact details.