1. Subject matter of this data protection declaration
Thank you for your interest in our app Dog Face (hereinafter also referred to as «App», “Service”).
The protection of your personal data is important to us at Siwalu Software GmbH (“Siwalu”, “us”, “we”). Therefore, we would like to offer you comprehensive transparency regarding the processing of your data. Because only if the processing is comprehensible for you as the person concerned are you sufficiently informed about the extent, the purposes and the use of the processing. In the following, we will also show you which accompanying protective measures we have taken from a technical and organizational point of view.
Please note that you can use links in our app to access other apps or websites that are not operated by us but by third parties. Such links are either clearly identified by us or can be identified by a change in the address line of your browser or by a change to another app pre-installed by you in this case. We are not responsible for compliance with data protection regulations and safe handling of your personal data on these apps or websites operated by third parties.
2. Responsible office
Siwalu Software GmbH with its address is the responsible body within the meaning of the Basic Data Protection Ordinance (DSGVO) and the Federal Data Protection Act (BDSG): An der Schluse 122a, 48329 Havixbeck, Germany. Please address any questions or comments regarding this data protection declaration or data protection in general to the following e-mail address: firstname.lastname@example.org.
3. General information on data processing
We process personal data within the legally permissible limits. This means that data processing operations must be based on a legal basis. These are standardized in Art. 6 para. 1 DSGVO. Most data processing operations are based on a legitimate interest on our part (Art. 6 para. 1 lit. f DSGVO), on processing operations necessary for the execution of the contract (Art. 6 para. 1 lit. b DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO). In these cases, you will be informed separately of the consent procedure and will receive additional information. Personal data will only be passed on in the cases described below.
Personal data must also be processed for clear purposes (Art. 5 para. 1 lit. b DSGVO). As soon as the purpose of the processing no longer applies, your personal data will be deleted or protected by technical and organizational measures (e.g. pseudonymization). The same applies to the expiry of a prescribed storage period, subject to the cases in which further storage is necessary for the conclusion or performance of a contract. In addition, there may be a legal obligation to store the data for a longer period of time or to pass it on to third parties (in particular to law enforcement authorities). In other cases, the storage period and type of data collected as well as the type of data processing depend on which functions of the app you use in the individual case. We will also be happy to provide you with information on this in individual cases, in accordance with Art. 15 DSGVO.
4. Collection and processing of your data
As soon as you use our app, an anonymous user account («anonymous account») is automatically created. This anonymous account does not allow identification of personal data. Users lose access to the data associated with their anonymous account after the app is uninstalled.
The data processing is carried out to ensure the functionality and security of our information technology systems and services and the further development and optimization of our services for marketing purposes, among others. Such purposes constitute legitimate interests within the meaning of Art. 6 (1) lit. f DSGVO. The processing is therefore carried out with legal grounds.
In detail, the following data is stored and processed by us:
a) Feedback functions
You can provide feedback in text form via a button on the app. The feedback can consist of a general contact request or a manual bug report. Furthermore, you can submit a rating of the app in the form of graphical stars directly via a request in the app. Both of the above processes use the following data: The version number of the app used, information about the platform used (OS type and version), the language used in the app and the time of submission as well as the time of server-side reception.
b) Application-related data
During automated image processing, the following data is collected from our side: The IP address of the user, the version number of the app used, information about the platform used (OS type and version), the selected dog breed and the time of the processing request.
4.1 Handling sensitive data
Immediately after the image processing is completed and the user is presented with the result, all images are deleted from our server so that Siwalu has no further access to them. Furthermore, in accordance with Art. 9 (1) DSGVO, no personal data is extracted or processed during the entire automated editing process that could allow conclusions to be drawn about the identity of our users. If files from the app’s Internet search function are used for processing, we reserve the right to store and evaluate the results for the purpose of improving our service. Since the data processed in this case originates from an Internet search, we assume that it is not private or sensitive content.
4.2 Passing on personal data for order processing
If you make an in-app purchase on an Apple device, the transaction and payment will be made solely between you and the Apple App Store on the basis of the terms and conditions and privacy policies set forth in the Apple App Store, which are available at https://www.apple.com/legal/internet-services/itunes/de/terms.html and https://www.apple.com/legal/privacy/de-ww/.
The legal basis for the processing described above is Art. 6 Para. 1 Sentence 1 b. DSGVO (The processing is necessary for the fulfilment of a contract with the data subject).
4.4 Forced disclosure
We disclose your personal information to law enforcement authorities, investigating authorities or in legal proceedings if we are required to do so by law or authority or if it is absolutely necessary for the performance of the services or for the protection of our or your rights.
4.5 Sale or Merger
We may disclose your personal information in the event of a merger, acquisition or sale of all or any of our assets. We will notify you of this via a notice on our website and inform you of your rights.
5. Cookies, tracking providers, analysis services
In our app we use AdMob, a service of Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («AdMob»). AdMob allows us to display individualized and relevant ads for you within our app. To do this, AdMob collects personal information such as device IDs, GPS data or demographic data. Alternatively, users who use the app within the spatial and material scope of the DSGVO may also receive non-personalised advertising. You will be given the opportunity to give your consent to receive personalised advertisements as soon as you open the app for the first time. Outside the territorial and material scope of the DSGVO, you will only be shown personalised advertising.
Following the processing of the data, we receive evaluations in the form of reports on statistics on conversions and user behaviour, see among other things No. 5.2. We receive the statistics by linking the services to 5.2 and 5.3 as an overall evaluation. This serves to optimise our service and to improve marketing and direct advertising strategies.
Personal data is processed for marketing purposes and direct advertising, which represent legitimate interests within the meaning of Art. 6 Para. 1 lit. f DSGVO. Your rights will also be sufficiently respected by the possibility of consenting to personalized advertising. Further details on the data collected by Google AdMob can be found in Google’s data protection declaration at https://www.google.com/policies/privacy/.
5.2 Use of Google Ads Conversion Tracking
We use the services of Google Ads, an online advertising program of Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («Google»), to advertise our services on external websites by means of advertising media (so-called Google Ads). Siwalu Software GmbH thus pursues a legitimate interest pursuant to Art. 6 Para. 1 lit. f DSGVO in displaying targeted advertising to you, adapting advertising offers and analysing user behaviour.
5.3 Using Google Firebase
5.3.1 Google Analytics for Firebase
In our app we use Google Firebase, a service of Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («Firebase»). Firebase describes a variety of tools that, among other things, create detailed reports about user behavior and usage modes of our app (we use Google Analytics for Firebase). We use these reports to improve the user experience, optimize marketing efforts, and improve the quality of our services. Data is collected anonymously prior to a user’s log-in and is not linked to data from third-party sources. The data collected about the use of our app is transmitted to Firebase and stored there. Firebase uses the advertising ID of the end device of the respective user for this purpose. The advertising ID can be modified in the device settings of the terminal device.
The above-mentioned purposes of optimising our services and the security of our information technology systems and marketing are legitimate interests pursuant to Art. 6 Para. 1 lit. f DSGVO and constitute the legal basis for our processing.
By the settings made by us, your personal data of the users are processed and stored if possible within the member states of the European Union or in other contracting states of the agreement on the European Economic Area. Full transmission of the IP address to a Google server in the USA only takes place in exceptional cases. This transfer to the USA takes place in accordance with the implementation resolution (EU) 2016/1250 of the EU Commission (EU-US Data Protection Shield).
5.3.2 Firebase Crashlytics
We also use the Firebase tool Firebase Crashlytics to stabilize and improve our app. Data is collected about the device you are using and the use of our app (e.g. time stamp, when the respective app was started and when a malfunction occurred), which enables us to diagnose and resolve malfunctions. When using Firebase Crashlytics, your data is only collected in anonymous form, so that neither Google nor us can draw any conclusions about your person. In any case, the evaluation of such error reports and the resulting correction of the underlying faults represents a legitimate interest in the form of guaranteeing the security of our information technology systems in accordance with Art. 6 Para. 1 lit. f DSGVO.
Users can find Google’s data protection declaration at https://www.google.com/policies/privacy/.
6. Social media links
The social media plug-ins are used for the purpose of an appealing design of our website and to enable the display of third-party content. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 Letter f DSGVO. Data is transferred to the USA in accordance with the implementing resolution (EU) 2016/1250 of the EU Commission (EU-US Data Protection Shield).
If you do not wish the social networks to collect data about Siwalu Software GmbH apps, you should log out of them before using the app. However, if the corresponding button is activated by clicking on it, our app cookie(s) will still be set with an identifier each time you call them up. This function can therefore be used to collect data and create a profile that can possibly be traced back to a single person.
Information on the handling of personal data when using these websites can be found in the respective data protection provisions of the providers.
7. Right of revocation and objection
If the processing of your personal data is based on your consent (Art. 6 para. 1 lit. a DSGVO), you can revoke this at any time in accordance with Art. 7 para. 3 DSGVO. The processing is lawful until your revocation – the revocation therefore only affects the processing after receipt of your revocation. You can declare your revocation informally by post or e-mail. The processing of your personal data will then no longer take place, subject to approval by another legal basis. If this is not the case, your data must be deleted immediately after revocation in accordance with Art. 17 para. 2 DSGVO.
Art. 21 DSGVO gives you the right to object: This means that you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation. The processing of this data must therefore have been carried out in accordance with Art. 6 Para. 1 lit. e or f. A special reason for processing need not exist if you object to the processing of data used for direct marketing. This also applies to profiling as far as it is related to direct marketing.
To do this, please send an informal e-mail to: email@example.com.
8. Data security
We use technical and organizational security measures in order to protect personal data that are collected or that may be collected, in particular against accidental or intentional manipulation, loss, destruction or against attacks by unauthorized persons. Our security measures are continuously improved in line with technological developments.
9. Rights of data subjects
The legal data protection regulations grant you the following rights as a person concerned:
The right of access pursuant to Art. 15 DSGVO, the right of rectification of your data pursuant to Art. 16 DSGVO, the right of deletion and oblivion pursuant to Art. 17 DSGVO, the right of limitation of the processing of your data pursuant to Art. 18 DSGVO and the right of data transfer pursuant to Art. 20 DSGVO. The right of deletion and the right to information are subject to the restrictions of §§ 34, 35 BDSG.
To exercise these rights, please send an informal e-mail to: firstname.lastname@example.org. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
10. Automated decisions in individual cases including profiling
Automated decisions in individual cases, including profiling, are not made.
Last change: 22 July 2022