Privacy statement App Going Local Berlin

1) Information on collecting personal data and contact details of the responsible person
1.1 We are pleased that you are using our Going Local Berlin application (hereinafter “app”). In this privacy statement, we wish to inform you about the handling of your personal data when using our app. Personal data in this context is all information that relates to an identified or identifiable person.
1.2 The publisher and thus the party responsible for data processing in relation to the Going Local Berlin app is:
Berlin Tourismus & Kongress GmbH,
Schöneberger Straße 15
10963 Berlin, Germany,
Phone: 030/ 25 00 23 33 Fax: 030/ 25 00 24 24
Email: hallo@visitBerlin.de,
hereinafter referred to as “visitBerlin”.

1.3 visitBerlin has appointed a data protection officer for the Going Local Berlin app, who can be contacted as follows:

AMD TÜV Arbeitsmedizinische Dienste GmbH
Herr Oliver Gröger
Alboinstraße 56
12103 Berlin
 
datenschutz@visitBerlin.de

2) Use of our Going Local Berlin app
As part of our extensive online services, we also offer the option of downloading the Going Local Berlin app to your mobile phone. If you download our Going Local Berlin app via an app store, the data necessary for this will be transferred to the party responsible for the app store. In particular, this includes your user name, the email address and customer number associated with your account, the time of the download, payment information and the unique number of your device (IMEI). visitBerlin has no influence on the collection, processing and use of your personal data, which are necessary for the provision of the download of our Going Local Berlin app in the app store. The party responsible in this respect is the operator of the respective app store, who you can obtain information from directly, if required.

When using our Going Local Berlin app, we only collect data that your device transmits to our servers and those of the third-party providers mentioned below. When you open our app, we collect the following data which is technically necessary for us to display the app to you:
- Our visited app
- Date and time accessed
- Quantity of data sent in bytes
- Operating system used
- IP address used (if necessary in anonymised form)
- GPS data or other telephone-related location data (e.g. via WiFi, with express consent)
visitBerlin uses this data in accordance with our legitimate interest as per Art. 6(1) lit. f GDPR in the provision and continuous improvement of our services. visitBerlin processes this data only insofar as it is necessary for the proper functionality of our Going Local Berlin app. If you revoke the right to use this data, it will be deleted immediately, provided that there are no legal obligations to retain it.

3) Collection of location data
We require access to your device location. When you make a request, we collect your current location via GPS in order to provide you with information about your immediate surroundings quickly. The location information is solely used for the proper operation of the app and its functions. Subsequently withdrawn or not granted authorisation may lead to incorrect app behaviour or to individual functions not being available. Data about your location will be used to process your request. Your location data is transmitted via an encrypted connection. It is anonymised after your request is completed and statistically analysed to improve our service. GPS data collected does not allow any conclusions to be drawn about your personal identity. Your location data that is collected will be kept for a period of six months.
After launching the Going Local Berlin app, you will be asked to actively share your location data with visitBerlin. The sharing of location data with visitBerlin can be switched off for the future at any time after the first set-up process in the settings under the visitBerlin Heat Maps Location Data menu item. After deactivating the sharing of location data with visitBerlin, no more location data will be shared with visitBerlin.

4) Making contact
Personal data is collected when you make contact with us (e.g. by contact form or email). Which data is collected when you use a contact form in the app is apparent from the contact form itself. This data is stored and used exclusively for the purpose of answering your request or for making contact, and the associated technical administration. The legal basis for the processing of data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f of the GDPR. If you make contact with a view to concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b of the GDPR. Your data will be deleted after the final processing of your request. This is the case if the circumstances indicate that the matter in question has been conclusively clarified and provided there are no legal obligations to retain the data.

5) Web analysis services/tools and other services
5.1 Google Firebase
Upon consent, this app uses the Google Analytics for Firebase or Firebase Analytics service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for a cross-device analysis of visitor flows, which is performed via a user ID. Firebase Analytics may share data with other tools provided by Firebase such as Crash Reporting, Authentication, Remote Config or Notifications.
Within this app, Firebase is used solely to track user interaction with the app to ensure stability and improvements to interaction capabilities for future updates to the app. You can opt out of cross-device analysis of your usage in your Google customer account https://support.google.com/analytics/answer/6004245?hl=en under My Data > Personal Data.
More information on dealing with user data in Google Analytics for Firebase/Firebase Analytics can be found in the
Google privacy statement:
https://support.google.com/analytics/answer/6004245?hl=en

5.2 Firebase Crashlytics
This app uses the Software Development Kit (SDK) of Firebase Crashlytics, a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland. Firebase Crashlytics is used solely to analyse bugs in the app and for technical optimisation.
More information on the handling of user data in Firebase Crashlytics can be found in the Firebase Crashlytics privacy statement:
https://firebase.google.com/support/privacy
5.3 YouTube API    
This app uses the embedding function of the YouTube API to display and play videos of the “YouTube” provider, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded YouTube videos is started, the YouTube provider uses cookies to collect information about user behaviour. According to information from YouTube, these are used, for example, to collect video statistics, to improve user-friendliness and to prevent abusive behaviour. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 (1) lit. f GDPR on the basis of Google’s legitimate interests in the insertion of personalised advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles; you must contact YouTube to exercise this right. Within the scope of using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Irrespective of whether the embedded videos are played or not, a connection to the Google network is established each time this website is opened, which may trigger further data processing operations without our influence.
As far as legally required, we have obtained your consent pursuant to Art. 6 (1) lit. a GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the settings.
More information on the handling of user data on YouTube can be found in the
YouTube privacy statement:
https://policies.google.com/privacy
5.4 - Google Maps and Apple Maps
This app uses the map services Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") and Apple Maps from Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. Google Maps and Apple Maps are web services for displaying interactive (land) maps in order to visually display geographical information. By using this service, you will be shown various locations, and it will be easier for you to find them.
Information about your use of our app (such as your IP address) is transmitted to Google or Apple servers and stored there when you visit those sub-pages in which the Google Maps and Apple Maps map is integrated; this information may also be transmitted to Google LLC. or Apple Inc. servers in the USA. This occurs regardless of whether Google or Apple provides a user account via which you are logged in or whether a user account exists. If you are logged in to Google or Apple, your data will be directly assigned to your account. If you do not wish to have your data associated with your Google or Apple profile, you must log out before activating the button. Google or Apple stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and analysis are carried out in accordance with Art. 6 para. 1 lit. f of the GDPR on the basis of Google's or Apple's legitimate interest in displaying personalised advertising, market research and/or the needs-based design of Google or Apple websites. You have the right to object to the creation of these user profiles, and you must contact Google or Apple to exercise this right. If you do not agree to the future transmission of your data to Google or Apple in the context of the use of Google Maps or Apple Maps, you also have the option of completely deactivating the Google Maps or Apple Maps web service by switching off the JavaScript application in your browser. Google Maps or Apple Maps and thus also the map display on this website can then not be used.
You can view Google's terms of use at https://policies.google.com/terms?hl=en-GB&gl=de, and the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html
Detailed information on data protection in connection with the use of Google Maps can be found on Google's website (Google Privacy Policy): https://policies.google.com/privacy?hl=en-GB&gl=de
You can view Apple's terms of use at https://www.apple.com/legal/, and the additional terms of use for Apple Maps can be found at https://www.apple.com/legal/internet-services/maps/terms-en.html
Detailed information on data protection in connection with the use of Apple Maps can be found on Apple's website: https://www.apple.com/privacy/
As far as legally required, we have obtained your consent in accordance with Art. 6 para. 1 lit. a of the GDPR for the processing of your data as described above. You can revoke your consent at any time with future effect. To exercise your right of revocation, deactivate this service in the settings.

5.5 Favourites
The Going Local Berlin app offers you the option of saving entries as favourites. You can agree to share this data with visitBerlin as part of the set-up process for the Going Local Berlin app. This data is stored and analysed on our servers in anonymised form in order to understand the behaviour of our app users and to continuously improve our services. You can revoke this consent at any time in the settings under the Privacy menu item. After the “Share favourites with visitBerlin” button has been deactivated, your favourites will no longer be shared with visitBerlin.

6) Rights of data subjects
6.1 The applicable data protection law grants you comprehensive data subject rights with respect to the data controller responsible for processing your personal data (rights of access and intervention) about which we inform you below:
- Right to information in accordance with Art. 15 of the GDPR: In particular, you have a right of access concerning your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or is disclosed, the planned storage duration or the criteria for determining the storage duration, the existence of any right to rectification, erasure, restriction of processing, objection to processing, complaining to a supervisory authority, the source of your data if it was not collected from you by us, the existence of any automated decision making including profiling and if necessary important information on the logic involved and the scope concerning you and the desired effects of such processing as well as your right to notification about which guarantees exist as per Art. 46 of the GDPR on transferring your data to third countries;
- Right to rectification in accordance with Art. 16 of the GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
- Right to erasure in accordance with Art. 17 of the GDPR: You have the right to demand erasure of your personal data subject to the provisions of Art. 17 para. 1 of the GDPR. However, this right shall not apply in particular if the processing is necessary to exercise the right to free expression of opinion and to information, to fulfil any legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing in accordance with Art. 18 of the GDPR: You have the right to demand restriction of the processing of your personal data as long as the accuracy of our data disputed by you is reviewed, if you reject erasure of your data on account of unreliable data processing and instead demand restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims, after we no longer require such data once it has achieved its purpose or if you have submitted an objection for reasons pertaining to your specific situation, unless it is yet to be determined whether our legitimate reasons prevail;
- Right to information in accordance with Art. 19 of the GDPR: If you have asserted the right to rectification, erasure or restriction of processing to the data controller, this entity is obliged to inform all the recipients to whom the personal data concerning you has been disclosed of such rectification or erasure of data or restriction of processing, unless this proves to be impossible or is associated with disproportionate costs. You have the right to be informed of such recipients.
- Right to data portability in accordance with Art. 20 of the GDPR: You have the right to receive your personal data which you have made available to us in a structured, accessible and machine-readable format or to demand transmission to another data controller insofar as this is technically feasible;
- Right to revoke consent given in accordance with Art. 7 para. 3 of the GDPR: You have the right to withdraw your consent to the processing of data at any time with future effect. In the event of withdrawal, we will immediately delete the data concerned, unless further processing can be legally based on processing that does not require consent. The withdrawal of the consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal;
- Right to lodge a complaint in accordance with Art. 77 of the GDPR: If you are of the opinion that the processing of personal data concerning you is in breach of the GDPR, you have – regardless of any other administrative or legal remedy – the right to complain to a supervisory authority, particularly in the member state of your place of residence, your workplace or the place of the presumed infringement.
6.2 RIGHT TO OBJECT
IF AS PART OF THE BALANCING OF INTERESTS WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREVAILING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO SUBMIT AN OBJECTION TO SUCH PROCESSING WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR SPECIFIC SITUATION.
IF YOU MAKE USE OF YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING GROUNDS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US IN ORDER TO CONDUCT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR THE PURPOSE OF DIRECT ADVERTISING.

7) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the processing purpose and - if relevant - also on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When personal data is processed on the basis of express consent in accordance with Art. 6 para. 1 lit. a of the GDPR, this data is stored until the person concerned revokes his or her consent.
If there are statutory retention periods for data that is processed within the scope of legal obligations or similar obligations on the basis of Art. 6 para. 1 lit. b of the GDPR, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the performance of the contract or the initiation of the contract and/or there is no legitimate interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6 para. 1 lit. f of the GDPR, this data is stored until the data subject exercises his or her right to object in accordance with Art. 21 para. 1 of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f of the GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Art. 21 para. 2 of the GDPR.
Unless stated otherwise in the other information in this statement about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or processed.

8) Adaptation or amendment of this privacy statement
This privacy statement is currently valid as of March 2021. Due to the ongoing development of our app and the addition of new services, it may become necessary to amend this privacy statement. Please make sure that you have the latest version.
Copyright © 2021, IT-Recht-Kanzlei, Alter Messeplatz 2, 80339 Munich, Germany Phone: +49 (0)89 / 130 1433 0 Fax: +49 (0)89 / 130 1433 - 60

Version: July 2021