Unsere Datenschutzerklärung.

Fylet App Privacy Policy

I. Provision of the App

1. Description and scope of data processing

We provide you with a mobile app that you can download to your mobile device if you are at least 16 years old. If you are not 16 years old, the consent of your parents is required according to Article 8 Paragraph 1 Clause 2 GDPR. In the following we inform you about the collection of personal data when using our mobile app. When downloading the mobile app from the App Store, the required information is transferred to the App Store, i.e. in particular the user name, e-mail address and customer number of your account, the time of the download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device. When using our app, our system collects data and information from the user's mobile device. The following data is collected here:

1. IP address of the user
2. Information about the end device (operating system and version, device brand and device model, Android Advertising ID, Apple IDFA/IDFV, language setting)
3. Location of the user (location of the IP address)
4. time and duration of access
5. Optional: information on diet (e.g. "vegetarian diet")
6. User events (e.g. favouriting a recipe)
7. Device tokens, e.g. for sending push notifications

2. Legal basis for data processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.

3. Purpose of data processing

With information about the end device of the user, developers can approach problems in a targeted manner. Information on diet and user events improve the delivery of relevant content and help to continuously optimize the app. Device tokens are required to deliver push notifications and in-app messages. Other personal data is used to optimize the app and marketing.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or to fulfill statutory storage obligations.

5. Possibility of objection and elimination

As an unregistered user, you have the option to delete the app at any time and thus prevent further future data processing. If you also want the data to be deleted or changed, you can request this by email.

II. Account Registration

1. Description and scope of data processing

In our app we offer users the opportunity to register by providing personal data. Registration is required to use an extended range of functions. The data is entered in input masks and transmitted to us and stored. In addition to the data collected when using the app, the following data is collected as part of the registration process:

1. E-mail address
2. First and Last Name
3. time of registration
4. access data
5. Optional: profile picture
6. When registering via Google: Google profile picture, first and last name
7. When registering via Apple: first and last name

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.

3. Purpose of data processing

User registration is required to provide certain content and services on our app. By registering, it is possible to create recipes, generate shopping lists, subscribe to users, like recipes and log in on multiple devices at any time.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration is canceled or modified.

5. Possibility of objection and elimination

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. The account can be deleted at any time via the settings in the Fylet app.

III. Disclosure of Personal Information to Third Parties

1. Description and scope of data processing

Insofar as this is necessary for the provision of the contractual service owed by us or legal obligations, your data will also be passed on to service providers. A list of all service providers can be found here.

2. Legal basis for data processing

Your personal data will only be passed on within the relevant, in particular data protection and competition law requirements. According to Art. 6 Para. 1 a.), we are entitled to collect, store and transmit personal data if the person concerned has consented to the data processing

3. Purpose of data processing

The transfer of personal data to third parties serves to provide the service in our name or on our behalf (e.g. technical processing of the email dispatch, dispatch of push notifications). The transfer of personal data to third parties enables us to offer the services related to Fylet.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or to fulfill statutory storage obligations. For the rest, we refer to the data protection regulations of the respective service provider. A list of all service providers with the respective data protection regulations can be found here.

5. Possibility of objection and elimination

As a user, you have the option to object at any time and have collected personal data removed.

III. Transmission to third countries

1. Description and scope of data processing

In order to provide the services related to Fylet, data is also transmitted to third countries. Should processing by third party services take place outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44ff. GDPR compliance.

2. Legal basis for data processing

Your personal data will only be passed on within the relevant, in particular data protection and competition law requirements. According to Art. 6 Para. 1 a.), we are entitled to collect, store and transmit personal data if the person concerned has consented to the data processing

3. Purpose of data processing

The transfer of personal data to third parties serves to provide the service in our name or on our behalf (e.g. technical processing of the email dispatch, payment processing, dispatch of push notifications). The transfer of personal data to third parties enables us to offer the services related to Fylet.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or to fulfill statutory storage obligations. For the rest, we refer to the data protection regulations of the respective service provider. A list of all service providers with the respective data protection regulations can be found here.

5. Possibility of objection and elimination

As a user, you have the option to object at any time and have collected personal data removed.

V. Recipients of data (in third countries) / service providers with access to personal data (from third countries)

Fylet works with service providers to offer the services related to Fylet. A service provider receives personal data from Fylet and is commissioned to process this data for specific purposes. Below is a list of all Fylet service providers with the purpose and location of the data processing. Further details on data processing can be found in the respective data protection notices of the service providers. For more information contact support@Fylet.de. We would like to point out that these service providers are located in the USA, i.e. outside the EU. As the ECJ has determined, there is currently no level of data protection in the USA that is comparable to that in the EU, since US authorities and secret services could access this data. If we obtain your consent when calling up the app,

service provider	purpose of data processing	address	Data processing details
Google - Firebase Analytics	App Analytics	1600 Amphitheater Pkwy, Mountain View, CA 94043, USA	https://firebase.google.com/support/privacy
Google-Cloud Firestore	DatabasePlatform	1600 Amphitheater Pkwy, Mountain View, CA 94043, USA	https://firebase.google.com/support/privacy
Google - Firebase Messaging	push notifications	1600 Amphitheater Pkwy, Mountain View, CA 94043, USA	https://firebase.google.com/support/privacy

rights of the data subject

If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible. You can assert these rights, for example, by sending an email to support@Fylet.com:

1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.

1. the purposes for which the personal data are processed;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
6. the existence of a right of appeal to a supervisory authority;
7. all available information about the origin of the data if the personal data are not collected from the data subject;
8. the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. Right to Rectification

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

3. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

1. if you contest the accuracy of the personal data concerning you for a period that enables the person responsible to check the accuracy of the personal data;
2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
3. the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
4. if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed. If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to erasure

1. a) Obligation to delete

You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
3. You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
4. The personal data concerning you have been processed unlawfully.
5. The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
6. The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

1. b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, also of a technical nature, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

1. c) Exceptions

The right to erasure does not exist if processing is necessary

1. to exercise the right to freedom of expression and information;
2. to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
5. to assert, exercise or defend legal claims.

5. Right to Information

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that

1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

7. Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications. the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications. the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision:

1. is necessary for the conclusion or performance of a contract between you and the person responsible,
2. is permitted on the basis of legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or
3. takes place with your express consent.

However, these decisions must not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests . With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates violates the GDPR. The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.