We provide you with a mobile app that you can download to your mobile device if you are at least 16 years old. If you are not 16 years old, the consent of your parents is required according to Article 8 Paragraph 1 Clause 2 GDPR. In the following we inform you about the collection of personal data when using our mobile app. When downloading the mobile app from the App Store, the required information is transferred to the App Store, i.e. in particular the user name, e-mail address and customer number of your account, the time of the download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device. When using our app, our system collects data and information from the user's mobile device. The following data is collected here:
The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.
With information about the end device of the user, developers can approach problems in a targeted manner. Information on diet and user events improve the delivery of relevant content and help to continuously optimize the app. Device tokens are required to deliver push notifications and in-app messages. Other personal data is used to optimize the app and marketing.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or to fulfill statutory storage obligations.
As an unregistered user, you have the option to delete the app at any time and thus prevent further future data processing. If you also want the data to be deleted or changed, you can request this by email.
In our app we offer users the opportunity to register by providing personal data. Registration is required to use an extended range of functions. The data is entered in input masks and transmitted to us and stored. In addition to the data collected when using the app, the following data is collected as part of the registration process:
As part of the registration process, the user's consent to the processing of this data is obtained.
The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.
User registration is required to provide certain content and services on our app. By registering, it is possible to create recipes, generate shopping lists, subscribe to users, like recipes and log in on multiple devices at any time.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration is canceled or modified.
As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. The account can be deleted at any time via the settings in the Fylet app.
Insofar as this is necessary for the provision of the contractual service owed by us or legal obligations, your data will also be passed on to service providers. A list of all service providers can be found here.
Your personal data will only be passed on within the relevant, in particular data protection and competition law requirements. According to Art. 6 Para. 1 a.), we are entitled to collect, store and transmit personal data if the person concerned has consented to the data processing
The transfer of personal data to third parties serves to provide the service in our name or on our behalf (e.g. technical processing of the email dispatch, dispatch of push notifications). The transfer of personal data to third parties enables us to offer the services related to Fylet.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or to fulfill statutory storage obligations. For the rest, we refer to the data protection regulations of the respective service provider. A list of all service providers with the respective data protection regulations can be found here.
As a user, you have the option to object at any time and have collected personal data removed.
In order to provide the services related to Fylet, data is also transmitted to third countries. Should processing by third party services take place outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44ff. GDPR compliance.
Your personal data will only be passed on within the relevant, in particular data protection and competition law requirements. According to Art. 6 Para. 1 a.), we are entitled to collect, store and transmit personal data if the person concerned has consented to the data processing
The transfer of personal data to third parties serves to provide the service in our name or on our behalf (e.g. technical processing of the email dispatch, payment processing, dispatch of push notifications). The transfer of personal data to third parties enables us to offer the services related to Fylet.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or to fulfill statutory storage obligations. For the rest, we refer to the data protection regulations of the respective service provider. A list of all service providers with the respective data protection regulations can be found here.
As a user, you have the option to object at any time and have collected personal data removed.
Fylet works with service providers to offer the services related to Fylet. A service provider receives personal data from Fylet and is commissioned to process this data for specific purposes. Below is a list of all Fylet service providers with the purpose and location of the data processing. Further details on data processing can be found in the respective data protection notices of the service providers. For more information contact support@Fylet.de. We would like to point out that these service providers are located in the USA, i.e. outside the EU. As the ECJ has determined, there is currently no level of data protection in the USA that is comparable to that in the EU, since US authorities and secret services could access this data. If we obtain your consent when calling up the app,
service provider |
purpose of data processing |
address |
Data processing details |
Google - Firebase Analytics |
App Analytics |
1600 Amphitheater Pkwy, Mountain View, CA 94043, USA |
https://firebase.google.com/support/privacy |
Google-Cloud Firestore |
DatabasePlatform |
1600 Amphitheater Pkwy, Mountain View, CA 94043, USA
|
https://firebase.google.com/support/privacy |
Google - Firebase Messaging |
push notifications |
1600 Amphitheater Pkwy, Mountain View, CA 94043, USA
|
https://firebase.google.com/support/privacy |
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible. You can assert these rights, for example, by sending an email to support@Fylet.com:
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.
You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
Under the following conditions, you can request the restriction of the processing of your personal data:
If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed. If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, also of a technical nature, to protect the person responsible for data processing, taking into account the available technology and the implementation costs , who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to erasure does not exist if processing is necessary
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible.
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications. the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications. the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision:
However, these decisions must not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests . With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates violates the GDPR. The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.