1. Subject matter of this data protection declaration
Thank you for your interest in our apps (Dog Scanner, Cat Scanner and Horse Scanner; the “Services”).
The protection of your personal data is important to us at Siwalu Software GmbH (“Siwalu”, “us”, “we”). Therefore, we would like to offer you comprehensive transparency regarding the processing of your data. Because only if the processing is comprehensible for you as the person concerned are you sufficiently informed about the extent, the purposes and the use of the processing. In the following, we will also show you which accompanying protective measures we have taken from a technical and organizational point of view.
Please note that you can use links in our apps to access other apps or websites that are not operated by us but by third parties. Such links are either clearly identified by us or can be identified by a change in the address line of your browser or by a change to another app pre-installed by you in this case. We are not responsible for compliance with data protection regulations and safe handling of your personal data on these apps or websites operated by third parties.
2. Responsible office
Siwalu Software GmbH with its address is the responsible body within the meaning of the Basic Data Protection Ordinance (DSGVO) and the Federal Data Protection Act (BDSG): An der Schluse 122a, 48329 Havixbeck, Germany. Please address any questions or comments regarding this data protection declaration or data protection in general to the following e-mail address: email@example.com.
3. General information on data processing
We process personal data within the legally permissible limits. This means that data processing operations must be based on a legal basis. These are standardized in Art. 6 para. 1 DSGVO. Most data processing operations are based on a legitimate interest on our part (Art. 6 para. 1 lit. f DSGVO), on processing operations necessary for the execution of the contract (Art. 6 para. 1 lit. b DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO). In these cases, you will be informed separately of the consent procedure and will receive additional information. Personal data will only be passed on in the cases described below.
Personal data must also be processed for clear purposes (Art. 5 para. 1 lit. b DSGVO). As soon as the purpose of the processing no longer applies, your personal data will be deleted or protected by technical and organizational measures (e.g. pseudonymization). The same applies to the expiry of a prescribed storage period, subject to the cases in which further storage is necessary for the conclusion or performance of a contract. In addition, there may be a legal obligation to store the data for a longer period of time or to pass it on to third parties (in particular to law enforcement authorities). In other cases, the storage period and type of data collected as well as the type of data processing depend on which functions of the apps you use in the individual case. We will also be happy to provide you with information on this in individual cases, in accordance with Art. 15 DSGVO.
4. Collection and processing of your data
As soon as you use our apps, an anonymous user account («Anonymous Account») is automatically created. This Anonymous Account does not allow any identification of personal data.
As a user of an Anonymous Account, you will lose access to the associated data after the app has been uninstalled. However, it is possible to register again. In this case the data from the Anonymous Account will be transferred to the newly created personal user account («Personal Account»).
You will also lose access to your Anonymous Account data if you log in with an existing Personal Account.
In general, an Anonymous Account (with the exception of section 4.2) stores the same data as a Personal Account.
4.1 Using the apps with an Anonymous Account
If you use our apps with an Anonymous Account, the following data will be saved and processed by us. The data processing is carried out to ensure the functionality and security of our information technology systems and services and the further development and optimization of our services, including for marketing purposes. Such purposes constitute legitimate interests in the sense of Art. 6 Para. 1 lit. f DSGVO. The processing is therefore carried out with legal grounds.
a) Feedback functions
- You can send us user feedback in text form via a button on the apps. The feedback can consist of a general contact request, a suggestion to add new or missing animal breeds or a manual bug report.
- Additionally, you can provide feedback on the predicted result of the image recognition. The result feedback is divided into right/wrong/unclear form. If a result is marked by you as false, you can additionally correct the result by providing the actual breed information and provide it to us as part of the feedback. A processing of the image file, which under certain circumstances may contain personal data, will be carried out in case of non-recognition in order to optimize and improve the service.
- You can give a rating of the apps in the form of graphical stars directly via a request in the apps.
All three of the aforementioned processes use the following data, in addition to the inherent data, such as an image file or text file:
The version number of the apps used, information about the platform used (OS type and version), the language used in the apps and the time of sending and the time of server-side reception.
In online mode, photos and/or videos taken or selected from the gallery are processed. These are used for the analysis of the requested breed recognition and for the further development and improvement of breed recognition.
The above data will be stored and processed anonymously or pseudonymously if you have not registered.
b) Application-related data
Application-related data is, in particular, a chronological list of the scanning processes you have performed («History»). Belong to the History:
- Image/video material analyzed for identification
- Percentage of the identified breed(s)
- Time of detection
- If applicable, feedback on the predicted outcome (see a))
Other application-related data include your experience points and challenges achieved, their progress, and usage statistics needed to determine the experience points or challenges (for example, which breeds have already been scanned, the number and date of scans performed). In this context the following data will be stored and processed anonymously or pseudonymously:
- Randomly generated username (can be adjusted by you afterwards)
- Time of creation and, if applicable, the time stamps of modifications to your account
- IP address
In addition, the storage of data (images, text contributions and activities such as Likes), which you share with other users.
The associated processing procedures serve the purpose of being able to assign future usage procedures and to be able to call up the entire range of apps. The processing of your data also serves the purpose of contract implementation, and is therefore earmarked and necessary in accordance with Art. 6 Para. 1 lit. b DSGVO.
The storage of IP address and time of registration is necessary to ensure the security of our information technology systems. This is also in our legitimate interest, which is why the processing is also lawful in accordance with Art. 6 para. 1 lit. f DSGVO.
4.2 Using the Apps with a personal account
You can register in our apps to take advantage of additional services of the apps. If you do so, in addition to the data already stored in an anonymous account, the personal data you provide during registration will be transmitted to us and stored in our information technology systems.
Depending on the chosen form of registration, this may include the following data:
- Profile picture
- Password hash
- E-mail address
- Mobile number
The associated processing procedures serve the purpose of being able to assign future usage procedures and to be able to call up the entire range of apps. Furthermore, the processing of your data serves the purpose of contract implementation, is therefore earmarked and necessary in accordance with Art. 6 para. 1 lit. b DSGVO.
The storage of the personal data entered by you is carried out up to the time of the deletion of your personal account, beyond that only as long as the processing is necessary for possible fulfilment of the contract.
Furthermore, your registration will result in a personal link to the data previously pseudonymized or anonymized in section 4.1. This serves the development process of the service. Furthermore, the data can be evaluated for marketing purposes. This is also in our legitimate interest, in accordance with Art. 6 para. 1 lit. f DSGVO.
Further information on registration and related third-party services can be found in Section 7.
4.3 Passing on personal data for order processing
If you make an in-app purchase on an Apple device, the transaction and payment will be made solely between you and the Apple App Store on the basis of the terms and conditions and privacy policies set forth in the Apple App Store, which are available at https://www.apple.com/legal/internet-services/itunes/de/terms.html and https://www.apple.com/legal/privacy/de-ww/.
The legal basis for the processing described above is Art. 6 Para. 1 Sentence 1 b. DSGVO (The processing is necessary for the fulfilment of a contract with the data subject).
4.4 Forced disclosure
We disclose your personal information to law enforcement authorities, investigating authorities or in legal proceedings if we are required to do so by law or authority or if it is absolutely necessary for the performance of the services or for the protection of our or your rights.
4.5 Sale or Merger
We may disclose your personal information in the event of a merger, acquisition or sale of all or any of our assets. We will notify you of this via a notice on our website and inform you of your rights.
5. Cookies, tracking providers, analysis services
In our apps we use AdMob, a service of Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («AdMob»). AdMob allows us to display individualized and relevant ads for you within our apps. To do this, AdMob collects personal information such as device IDs, GPS data or demographic data. Alternatively, users who use the apps within the spatial and material scope of the DSGVO may also receive non-personalised advertising. You will be given the opportunity to give your consent to receive personalised advertisements as soon as you open the apps for the first time. Outside the territorial and material scope of the DSGVO, you will only be shown personalised advertising.
Following the processing of the data, we receive evaluations in the form of reports on statistics on conversions and user behaviour, see among other things No. 5.2. We receive the statistics by linking the services to 5.2 and 5.3 as an overall evaluation. This serves to optimise our service and to improve marketing and direct advertising strategies.
Personal data is processed for marketing purposes and direct advertising, which represent legitimate interests within the meaning of Art. 6 Para. 1 lit. f DSGVO. Your rights will also be sufficiently respected by the possibility of consenting to personalized advertising. Further details on the data collected by Google AdMob can be found in Google’s data protection declaration at https://www.google.com/policies/privacy/.
5.2 Use of Google Ads Conversion Tracking
We use the services of Google Ads, an online advertising program of Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («Google»), to advertise our services on external websites by means of advertising media (so-called Google Ads). Siwalu Software GmbH thus pursues a legitimate interest pursuant to Art. 6 Para. 1 lit. f DSGVO in displaying targeted advertising to you, adapting advertising offers and analysing user behaviour.
5.3 Using Google Firebase
5.3.1 Google Analytics for Firebase
In our apps we use Google Firebase, a service of Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («Firebase»). Firebase describes a variety of tools that, among other things, create detailed reports about user behavior and usage modes of our apps (we use Google Analytics for Firebase). We use these reports to improve the user experience, optimize marketing efforts, and improve the quality of our services. Data is collected anonymously prior to a user’s log-in and is not linked to data from third-party sources. The data collected about the use of our apps is transmitted to Firebase and stored there. Firebase uses the advertising ID of the end device of the respective user for this purpose. The advertising ID can be modified in the device settings of the terminal device.
The above-mentioned purposes of optimising our services and the security of our information technology systems and marketing are legitimate interests pursuant to Art. 6 Para. 1 lit. f DSGVO and constitute the legal basis for our processing.
By the settings made by us, your personal data of the users are processed and stored if possible within the member states of the European Union or in other contracting states of the agreement on the European Economic Area. Full transmission of the IP address to a Google server in the USA only takes place in exceptional cases. This transfer to the USA takes place in accordance with the implementation resolution (EU) 2016/1250 of the EU Commission (EU-US Data Protection Shield).
5.3.2 Firebase Crashlytics
We also use the Firebase tool Firebase Crashlytics to stabilize and improve our apps. Data is collected about the device you are using and the use of our apps (e.g. time stamp, when the respective app was started and when a malfunction occurred), which enables us to diagnose and resolve malfunctions. When using Firebase Crashlytics, your data is only collected in anonymous form, so that neither Google nor us can draw any conclusions about your person. In any case, the evaluation of such error reports and the resulting correction of the underlying faults represents a legitimate interest in the form of guaranteeing the security of our information technology systems in accordance with Art. 6 Para. 1 lit. f DSGVO.
We use Firestore to securely store the information we collect when you use our apps. Without storing the data, all user and profile data would be lost and a new log-in would not be possible. The storage of the data in Firestore is also indispensable for the exercise of all interactions between the users within the apps. Data storage is therefore necessary for the functionality of our apps. Furthermore, the storage of user data serves to prevent fraud and manipulation attempts by third parties. The functionality of the service, its further development and ensuring the integrity and security of our information technology systems are legitimate interests within the meaning of Art. 6 para. 1 lit. f DSGVO. Processing in the form of storage thus takes place on a legal basis.
Users can find Google’s data protection declaration at https://www.google.com/policies/privacy/.
6. Social media links
The social media plug-ins are used for the purpose of an appealing design of our website and to enable the display of third-party content. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 Letter f DSGVO. Data is transferred to the USA in accordance with the implementing resolution (EU) 2016/1250 of the EU Commission (EU-US Data Protection Shield).
If you do not wish the social networks to collect data about Siwalu Software GmbH apps, you should log out of them before using Siwalu Software GmbH apps. However, if the corresponding button is activated by clicking on it, our apps cookie(s) will still be set with an identifier each time you call them up. This function can therefore be used to collect data and create a profile that can possibly be traced back to a single person.
Information on the handling of personal data when using these websites can be found in the respective data protection provisions of the providers.
7. Registration and Authentication
By registering or authenticating in the Apps, you authorize Siwalu Software GmbH to identify you and grant you access to specific services. Depending on what is stated below, third-party providers may provide login and authentication services. In this case, the Apps may access some data stored by these third parties for login or identification purposes.
7.1 Using Firebase Authentication
In our apps we use Google Firebase Authentication, a service of Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («Google»). Firebase Authentication is a login and authentication service provided by Google. To simplify the sign-in and authentication process, Firebase Authentication can use third-party identity services and store the information on its platform. With respect to the possible collection of data by third parties, we point out 7.2. and 7.3. where the respective data collected is listed. Firebase Authentication thus acts as an intermediary for data collection, third parties and us. Firebase Authentication stores the data collected on our behalf so that we can use and process it for the Apps. We comply with the strict legal requirements for such a contract with Firebase Authentication with regard to the contract processing as defined in Art. 28 DSGVO.
This concerns the following personal data collected: Username, profile picture and e-mail address. When registering via SMS identification, the corresponding mobile number is also collected.
In these processing cases, the processing takes place on the basis of your consent pursuant to Art. 6 Para. 1 lit. a in conjunction with Art. 7 DSGVO. Processing therefore takes place on a legal basis.
Further information on data protection can be found in Google’s data protection conditions https://policies.google.com/privacy.
7.2 Use of Facebook Connect
Our apps allow you to login through Facebook-Connect. Facebook Connect is a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland («Facebook»). This service makes an additional separate registration with your personal data mandatory. For registration purposes, you will either switch to the locally installed Facebook app or be redirected to an appropriate Facebook website. There you can log in with your user data and consent to the processing of the following data by us. This links your Facebook profile to our platform. Through this link, Facebook provides us with the following information about your public profile: User ID, first name, last name, e-mail address, gender, language, country, age range, friends, likes, profile picture and relationship status. We will only use the following information: Your user ID, first name, last name, e-mail address and profile picture. This information is required for registration – it is necessary for identification purposes. The processing takes place on the basis of your consent expressly given during registration in accordance with Art. 6 Para. 1 lit. a DSGVO. You may revoke this consent at any time in accordance with Art. 7 para. 3 DSGVO.
The Facebook data protection declaration can be downloaded here: https://www.facebook.com/about/privacy/.
7.3 Use of Google Login
Our apps allow you to log in through the Google login, a link to the service provider Google Ireland Limited, Gordon House, 4 Barrow Street, D04 E5W5 Dublin, Ireland («Google»). This service makes an additional separate registration with your personal data mandatory. You will be redirected to a Google page for registration purposes. There you can log in with your user data and consent to the processing of the following data by us. This links your Google profile to our apps. Through this link we receive the following information from Google: User ID, first name, surname, username, e-mail address and profile picture. We only use the following data: Your user ID, first name, last name, e-mail address and profile picture. This information is mandatory for registration – it is necessary for identification. Processing takes place on the basis of your express consent given during registration in accordance with Art. 6 Para. 1 lit. a DSGVO. You may revoke this consent at any time in accordance with Art. 7 para. 3 DSGVO.
8. Right of revocation and objection
If the processing of your personal data is based on your consent (Art. 6 para. 1 lit. a DSGVO), you can revoke this at any time in accordance with Art. 7 para. 3 DSGVO. The processing is lawful until your revocation – the revocation therefore only affects the processing after receipt of your revocation. You can declare your revocation informally by post or e-mail. The processing of your personal data will then no longer take place, subject to approval by another legal basis. If this is not the case, your data must be deleted immediately after revocation in accordance with Art. 17 para. 2 DSGVO.
Art. 21 DSGVO gives you the right to object: This means that you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation. The processing of this data must therefore have been carried out in accordance with Art. 6 Para. 1 lit. e or f. A special reason for processing need not exist if you object to the processing of data used for direct marketing. This also applies to profiling as far as it is related to direct marketing.
To do this, please send an informal e-mail to: firstname.lastname@example.org.
9. Data security
We use technical and organizational security measures in order to protect personal data that are collected or that may be collected, in particular against accidental or intentional manipulation, loss, destruction or against attacks by unauthorized persons. Our security measures are continuously improved in line with technological developments.
10. Rights of data subjects
The legal data protection regulations grant you the following rights as a person concerned:
The right of access pursuant to Art. 15 DSGVO, the right of rectification of your data pursuant to Art. 16 DSGVO, the right of deletion and oblivion pursuant to Art. 17 DSGVO, the right of limitation of the processing of your data pursuant to Art. 18 DSGVO and the right of data transfer pursuant to Art. 20 DSGVO. The right of deletion and the right to information are subject to the restrictions of §§ 34, 35 BDSG.
To exercise these rights, please send an informal e-mail to: email@example.com. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
11. Automated decisions in individual cases including profiling
Automated decisions in individual cases, including profiling, are not made.
Last change: 15 February 2020