SplitServe App Privacy Notice
Last updated on 27th May 2022
Thank you for being part of our community at SplitServe. We are committed to protecting your personal data and your privacy. We try to describe the use of your personal information as clear and transparent as possible. Please take some time to read this privacy statement carefully. If you have any questions concerning your privacy, please do not hesitate to contact us. You can find our contact data below.
1. Legal Basis
As we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) is the legal basis. If the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, or processing is required for pre-contractual actions, Art. 6 para. 1 lit. b GDPR is the legal basis. As the processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR is the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR is the legal basis for processing.
2. Contact data of the responsible party
3. Purpose of this privacy statement
The purpose of this privacy statement is to inform the users of the SplitServe App (“App”) for Android and iOS about the kinds, usage and purpose of the collection of personal information.
The responsible party takes your privacy seriously and treats your data confidentially and compliant to law. We constantly improve our app and add new features. Consequently, we need to update this privacy notice from time to time. Changes will be effective as soon as they are accessible. If we make fundamental changes, we will try to inform you by a push notification and/or will renew your consent. We explicitly recommend to frequently review this notice for changes.
4. What information we do collect
Personal information you disclose to us
We collect personal information that you apparently provide to us while using our services in our App, e.g. creating groups and managing payments or otherwise when you contact us.
The personal information that we collect depends on the context of your interactions with us or our App and the features you use. The personal information we collect may include the following:
- Personal Information provided by you. As soon as you register in the app we collect personal data from you including your email address and your name. You can also use a pseudonym.
If you sign in with your Google account, we collect the mail address, name and profile picture associated with your account.
If you sign in with your Facebook account, we collect the data of your public profile which includes your account id, your full name and your profile picture. Also we access your mail address that is associated with your account.
- Payment Data. We collect data necessary to process your payment if you make purchases, e.g. your credit card number, and the security code associated with your payment instrument. All payment data is stored – depending on the platform – at Google Inc. (Android) or Apple Inc. (iOS). You may find their privacy notice link(s) here: https://policies.google.com/privacy https://www.apple.com/privacy/approach-to-privacy/
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
We automatically collect certain information when you visit, use or navigate the App. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, like your IP address, operating system, device characteristics, language preferences, device name, country, location, information about how and when you use our App and other technical information. This information is primarily needed to maintain the security and operation of our App, and for our internal analytics and reporting purposes.
The information we collect includes:
- Log and Usage Data: Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our App and which we save in log files. This log data may include your IP address, device information, settings, information about your activity in the App such as time stamps, viewed screens and other actions you take. Server logs are automatically deleted after seven days.
- Device Data: We collect data about your phone, tablet or other device you use to access the App. Depending on the device used, this may include information like your IP address, device and application identification numbers, location, hardware, Internet service provider, operating system and configurations.
Information collected through our App
If you use our App, we also collect the following information:
- Mobile Device Access: We may request access or permission to certain features from your mobile device, including your mobile device’s camera, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Data:We automatically collect information about your device including mobile device ID, model, manufacturer, operating system, software version and configurations, device and application identification numbers, hardware model, Internet service provider and IP address, the network your mobile device is connected to and information about the features of our App you used.
- Push Notifications:We may request to send you push notifications regarding your account or certain features of the App. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings or in the app settings.
- Crash and error reports: Device event information, app and system activity and errors are tracked and saved in the case that an error or crash occurs. We use the service Firebase Crashlytics (see Services) to track such errors. You can opt-out sending crash and error reports on first app start and in the app settings.
This information is primarily needed to maintain the security and operation of our App, for troubleshooting and for our internal analytics and reporting purposes.
5. HOW DO WE USE YOUR INFORMATION?
We use personal information collected via our App for a variety of business purposes that are described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the collected information to:
- facilitate and manage user accounts. We use our mail address, name and potentially (if you sign in with your social media account) your social media account data to maintain your user account that you use in the app.
- improve the security of our App and services.
- request feedback.
- respond to support inquiries and offer support to users. We may use your information to solve any potential issues you might have when using our services.
- deliver services to the user, such as planning required equipment, recording payments and settling with the other members of your groups.
- send administrative information to you via push notifications.
- enforce our terms and conditions for business purposes or in connection with our contract for complying with legal requirements.
- respond to legal requests.
- fulfill and manage your orders you made through the App.
- maintain our prize policy.
- send you marketing and promotional communications. You can opt-out of our marketing emails at any time by sending us an email.
- deliver targeted advertising to you.We use your information to develop and display personalized advertising with third parties, adapted to your interests and location and to measure its effectiveness.
6. WILL YOUR INFORMATION BE SHARED?
We may process or share your data that we collect based on the following legal basis:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate Interest: We may process your data when it is reasonably necessary to achieve our legitimate business interests. You may disagree to such data usage in the app settings.
- Performance of a Contract: We may process your personal information to fulfill the terms of our contract, we might have entered with you.
- Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may disclose your information where we believe it is necessary to investigate or prevent potential violations of our policies, suspected fraud and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
- Business Transfers: We may share or transfer your information in connection with negotiations of any merger, sale of company assets, financing, or acquisition of all or part of our business to another company.
- Vendors and Third-Party Service Providers: We share your data with third-party service providers and contractors who perform services for us or on our behalf if they require access to such information to do that. This includes payment processing, data analysis, email delivery, hosting services, customer service and marketing. We may allow selected third parties to use tracking technology on the App, which will enable them to collect data on our behalf about how you interact with our App. This information is used to improve our services and measure the popularity of new features. We have contracts in place with our data processors, which ensure the use of your data according to law and regulations. This means that they cannot do anything with your personal information unless we instructed them to. They are also not allowed to share your personal information with any organization besides us.
We have implemented measures to protect your personal information, including by using the European Commission’s Standard Contractual Clauses for transfers of personal information between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.
For more information about our partners see chapter “Partners and services”.
- Other Users: When you share personal information or otherwise interact with the App, such personal information may be viewed by all users and may be publicly made available outside the App in perpetuity. Similarly, other users will be able to view information about your activity and communicate with you within our App.
7. Partners and services
The App for iOS is hosted by Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. You can find further information about the privacy notice of Apple at https://www.apple.com/privacy/approach-to-privacy/.
Apple collects information such as the hard- and software you use, the quality of your network connection and your device and app usage. You can opt-out of the collection of such data following these instructions:
The App for Android is hosted by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, USA, 94043. You can find further information about the privacy notice of Google at https://policies.google.com/privacy.
The app uses the services of Google Analytics. Collected data is stored in the United States. Standard contractual clauses guarantee the compliant use of your personal information. You can opt-out on the first start of the app and in the app settings if you do not want to provide your data to Google Analytics.
The app uses the service Firebase of Google to collect crash and error reports and app logs. Collected data is stored in the United States. Standard contractual clauses guarantee the compliant use of your personal information. You can opt-out on the first start of the app and in the app settings if you do not want to provide crash reports.
Google collects information such as battery level, app usage, duration and quality of network connections and collects data about app crashes. You can opt-out send crash reports by following these instructions:
The app uses a server infrastructure hosted by Heroku, Inc., 650 7th St, San Francisco, CA 94103. You can find further information about the privacy notice of Heroku at https://www.heroku.com/policy/privacy/.
The server logs are stores on servers within Europe.
Our server database is hosted with the service “MongoDB Atlas” of MongoDB, Inc., 1633 Broadway, New York, NY 10019, USA. The service uses an infrastructure of AWS (see below). You can find further information about the privacy notice of MongoDB at https://www.mongodb.com/cloud/trust.
Our database is physically stored in a data cluster of Amazon Web Services, Inc. (“AWS”), P.O. Box 81226, Seattle, WA, USA. You can find further information about the privacy notice of AWS at https://aws.amazon.com/de/privacy/.
The data is stored in Frankfurt, Germany.
8. HOW LONG DO WE KEEP YOUR INFORMATION?
We will only keep your personal information for as long as it is necessary for our purposes described in this privacy notice. A longer retention period might be required or permitted by law (such as tax, accounting or other legal requirements). None of our purposes described in this notice will keep us from removing user data within 3 months after termination of a user account,
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.
9. WHAT ARE YOUR PRIVACY RIGHTS?
You have the right to
- request access and obtain a copy of your personal information.
- to request rectification or erasure.
- to restrict the processing of your personal information.
- object to the processing of your personal information in certain circumstances. To make such a request, please use the provided contact details. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you want to make use of one of the previous rights, please use our provided contact data.
If you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.
If you have questions or comments about your privacy rights, you may email us at firstname.lastname@example.org.
If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the provided contact information.
10. CONTROLS FOR DO-NOT-TRACK FEATURES
Some mobile operating systems and mobile applications include a Do-Not-Track („DNT“) feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. We do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.5