Privacy statement

Privacy Policy

Introduction
This privacy policy shall apply to the mobile app Twaddle (called the “App”) and the website https://gettwaddle.com/ (called the “Website”), both together also called the “Services”. Regarding the Services the RoulApp UG (haftungsbeschränkt) (“Twaddle”, “we”, “us” or “our”) is the controller within the meaning of the General Data Protection Regulation (“GDPR”).

 Your privacy is important to us. This privacy policy explains what personal data we collect in order to provide our services and how we will handle your personal data. Personal data is discrete information about private or objective conditions of a specific or identifiable natural person. In general personal data includes but is not limited to a person’s birthday, sex or location and usage data such as the IP address. Another purpose of the privacy statement is to inform users about how we ensure the protection and safety of personal data. Also we will explain hereunder, which choices you have for instance with respect to usage of your personal data for advertising purposes or to delete your account.

Everybody may register to our services aged 16 or older.

In order to provide our services to you, we need to obtain your express agreement to our privacy policy.

2. DATA WE COLLECT, PROCESS AND USE
a. In general, you can choose to use our services by providing personal data as required by those services. For example such data could be a profile picture, location information or other (possibly identifying or biometrical) information. This data will be processed as necessary to provide our services. For example this might include processing of biometrical information (like for example profile pictures uploaded by you) with face recognition or detection software or in other ways.
b. Regarding the Website and app: if you visit the Website or app your device automatically transfers certain data so that it can access the Service, in particular for exmaple:

the IP address
the date and time of the request, file, date and time of request
the device type and version and information about software running on it
the operating system
the language and version of the browser software
data volume transferred
an identifier which does not change over time and is used to track a user across usage sessions
Such data are processed, to provide and improve our service.

c) Regarding the smartphone application: When your device communicates with our infrastructure, it will transmit various personal data like location information, information about your activities, biometric information (age, photos or videos which you share inside the app), identifiers which allow us to track you over time (e.g. IP addresses, device identifiers, usernames) and similar information with regard to your device settings (like for example your menu language or operating system). 

d) This data is retained and processed by us. In addition to use the app you shall provide us additional basic demographic data such as gender, age or your location. We use this data in order to create a more personalized user experience. Regarding your age, we process such data also in order to verify whether you are old enough to use the App.

e) In addition, the full functionalities of the App are only accessible to you if you grant access to your mobile device’s geo location, camera, microphone, push notification service and possibly other data. When you use the App for the first time you will be asked by your device whether such data may be used. If you do not allow this or if you allow this, but later deactivate this functionality in the settings of your device, please note that the App may stop working.

f) We might disclose your Personal Data where such disclosure is required by law (for example, upon request of a court or of law enforcement authorities).

g) The legal basis for the processing of personal data described above in

section 2.b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data arises from the fact that without such data the Website cannot be accessed).
section 2.c (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
section 2.d is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we use and analyze the respective data to improve the App, such as by gaining a better understanding of your interests and to help personalize your user experience, as well as providing you features exclusive to your specific demographic; regarding age verification we have an interest to verify whether you are old enough to use the App).
section 2.e is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures) and Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interest is that we can only provide the App services with all its functionalities, if respective geo location data is processed). For the avoidance of doubt: we will not process your geo location data if you choose to not allow your device to share such data with regard to the App (cf. also above under 2.f).
section 2.f is Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).

3. USE OF ANALYZING, ADVERTISING AND  OTHER TOOLS
aa. With regard to the App we use the advertising identifiers IDFA (for iOS devices) the “Identifier for Advertisers”). These Advertising Identifiers are unique numbers contained on your mobile device. We do not combine the Advertising Identifiers with any other mobile device related information or other personal information of you. The Advertising Identifiers identify your user data to enable us to provide you with personalized advertising and to evaluate your usage of the App. You can deactivate the use of the Advertising Identifiers in the settings of your operating system by switching off ad tracking on iOS (under “Settings/Privacy/Advertising”)

b. We also use the following tools to better understand user preferences through user actions:

aa. We use a self-developed tool with regard to the App that evaluates and stores user activity and user information (for example app launch times, individual button presses, view scroll positions, location, lanauge, region settigns). Currently all this data is being discarded immediately. 

bb. We also use the Facebook Software Development Kit (“Facebook SDK”) of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”) with regard to the App. The Facebook SDK allows for analyzing anonymized behavioral data, in particular the counting of active users and activity events (e.g. posts, replies, votes). For further information regarding the Facebook SDK please refer to https://developers.facebook.com/docs/ios?locale=en_GB and https://developers.facebook.com/docs/android?locale=en_GB. This does not give us any access to data from Facebook or a user’s Facebook account by any means. Certain (pseudonymized) data of you might be submitted to Facebook servers in the USA. To our best knowledge Facebook complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Facebook has certified that it adheres to the relevant Privacy Shield Principles. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.

dd. The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States. In case IP-anonymization is activated on the Website, your IP address will be truncated within the area of member states of the European Union or within other contracting states to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of the Website for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services for the Website operator relating to Website activity and internet usage. The IP-anonymization is active on the Website. The IP address that your browser transfers within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use all functions of the Website. You can also opt-out from the storage by Google of the data that is created by the cookie and is related to the use of the Website (including your IP address) and the processing of such data by Google by downloading and installing the Google Analytics opt-out Browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser add-on or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this Website in the future (this opt-out option applies only for the browser in which you set it and with regard to the Website). In this case an opt-out cookie is put on your device. In case you delete your cookies, you will have to use the aforementioned link again. For further information on Google Analytics please refer to: http://www.google.com/analytics/terms/gb.html, https://support.google.com/analytics/answer/6004245?hl=en, http://www.google.de/intl/en-GB/policies/privacy/. To our best knowledge Google complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Google Inc. (and its wholly-owned US subsidiaries) has certified that it adheres to the relevant Privacy Shield Principles, including for Google Analytics. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.

ee. We use the Firebase SDK of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Firebase”; Firebase is a subsidiary of Google, LLC) with regard to the App. Firebase SDK is a real-time database, which we are using for real-time data exchange and data storage. Firebase SDK also allows for analyzing anonymized behavioral data, in particular the tracking of active users and activity events (e.g. posts, replies, votes), as well as information about crashes, application distribution, application usage and adoption rates for specific app versions. Certain (anonymized) user data is sent to Firebase servers outside the EU. For further information regarding the Firebase SDK please refer to the Firebase privacy policy available over the following link: https://www.firebase.com/terms/privacy-policy.html.

hh. If you decide to deactivate (some of) the tools described in this section 3.b (to the extent this is possible), please note that certain features and functionalities of the Services might not work or might not be accessible to you.

c. The legal basis for the processing of the data described in the sections 3a and 3b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we use and analyze the respective data (i) to improve our Services, such as by gaining a better understanding of your interests and requirements regarding our Services, (ii) to help personalize your user experience, (iii) to provide you with certain features of the Services (without us using such data some of the functionalities of the Services might not work or might not be accessible (this applies, in particular, to the tools mentioned above in sections 3.b bb, cc, ee, ff, gg; with regard to item (iii) such processing of data is also based on Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures)).

4. TECHNICAL IMPLEMENTATION OF THE SERVICES BY SUBCONTRACTORS
We partly use service providers who process Personal Data on behalf of us to operate the technical platform for the Services. To our best knowledge these service providers process the data exclusively according to our instructions (order processing). The legal basis for the data processing described in this section 4 is Art. 6 (1) sentence 1 lit. b GDPR (performance of contract and pre-contractual measures) and Art. 28 GDPR (order processing).

5. DURATION OF STORAGE OF PERSONAL DATA
Unless no shorter storage period is indicated in this privacy policy, we, in general, store Personal Data as long (i) as required for the provisioning of our Services, and/or (ii) as it is necessary with regard to the contractual relationship with you. If we no longer require the respective Personal Data for the purposes described above, such Personal Data will only be stored during the respective legal retention period and not processed for other purposes. Publically available profile information is removed from public availability when you delete your profile (By giving notice to us in a written way as stated in 6. Your Rights). However, so called off-site backups may retain copies of any information (for example data is backed up to tapes routinely and then archived. Access to those archives is limited. Also data like for example profile pictures can remain on other users devices when those devices cache such images for faster display or when their owners decide to create screenshots).

6. YOUR RIGHTS
You have the right to request information from us at any time about your Personal Data stored by us. If the legal requirements are met, you also have rights vis-à-vis us to request from us access to and rectification or erasure or restriction of processing concerning your Personal Data or to object to the processing of your Personal Data as well as the right to receive from us your Personal Data provided to us in a structured, established and machine-readable format (you can transfer this data to other parties or have it transferred; data portability).

If you have given your consent to the use of personal data, you can revoke such consent at any time (for the future). You can withdraw your consent at any time and with future effect. Methods of doing so is by sending us an email or letter to:
Letter: Dammerlberg 59, 84405 Dorfen, Germany

Email: contact@gettwaddle.com

If you believe that the processing of your Personal Data by us is in breach of the applicable data protection laws, you have the right to lodge a complaint with a supervisory authority.

7. CONTACT
You can contact us, for example, via the address indicated below, via contact@gettwaddle.com
For all questions regarding data protection at Twaddle (including the assertion of your rights further describe above under section 6.), you can also contact Twaddle’s Data Protection Officer directly. The contact details of the data protection officer are:
Data Protection Officer Thomas Czok, Roulapp UG (haftungsbeschränkt), Thalhausen bei Kranzberg 85402, Germany
Tel.: + 49 152 56822710
contact@gettwaddle.com

8. KEEPING YOUR PERSONAL DATA SECURE
We place great importance on the security of all Personal Data associated with the use of our Services. We have security measures in place to attempt to protect against the loss, misuse and alteration of Personal Data under our control. Our security and privacy policies are periodically reviewed and enhanced as we consider it appropriate and only authorised personnel have access to Personal Data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

We have taken additional extensive security precautions relating to our Services and its use. However you should bear in mind that in spite of such security measures, submission of information over the internet is never entirely secure. While we take the safety of you data very seriously, there are no guarantees about security on the internet. We are not responsible for the results of data breaches or other unintended situations which may affect your information.

9. Changes to this privacy statement
Twaddle will update this privacy statement as necessary. As we do so, your data is subject to the most recent version which you agreed to. We reserve the right to require approval of any privacy policy updates in order to continue using our services.