The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Kerstin Wartberg
Tulpenstraße 19
59909 Bestwig
Germany
Email: mail@imtex-online.com
Website: www.imtex-online.com
This Privacy Policy applies to the mobile application "IMTEX ONLINE" (hereinafter referred to as "the App").
This Privacy Policy applies exclusively to our mobile application and not to external websites unless explicitly stated.
Personal data means any information relating to an identified or identifiable natural person. This may include, for example, name, address, email address, telephone number, IP address, device identifiers, or other information that can be associated with a person.
We process personal data only to the extent necessary to provide a functional app, its content, and related services. Personal data is generally processed only with the user's consent, unless processing is permitted by law or required for the performance of a contract or for technical reasons.
Where we obtain the data subject’s consent for processing operations involving personal data, the legal basis is Art. 6(1)(a) GDPR.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis is Art. 6(1)(b) GDPR.
Where processing is necessary for compliance with a legal obligation, the legal basis is Art. 6(1)(c) GDPR.
Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis is Art. 6(1)(f) GDPR.
Personal data is deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored for a longer period where required by European or national legislation, regulations, or other legal obligations. Data is also deleted or blocked when a legally prescribed retention period expires, unless continued storage is required for the conclusion or performance of a contract.
Each time the app is used, our system may automatically collect certain information from the accessing device.
The following data may be collected:
This data is processed to ensure the functionality, security, stability, and optimization of the app, to diagnose technical issues, and to prevent misuse.
The legal basis for the temporary storage and processing of technical data is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and efficient provision of the app and its services.
Technical data is deleted as soon as it is no longer required for the purpose for which it was collected, unless statutory retention obligations apply.
If the app allows you to create an account, the data you enter during registration will be transmitted to us and stored.
This may include in particular:
At the time of registration, the IP address as well as the date and time of registration may also be stored.
Registration data is processed to create and manage your account, provide login functionality, offer user-specific features, and fulfill contractual obligations.
Login credentials such as email address, password, or school code are used solely for authentication and to provide access to the app’s content and services.
These data are not used for tracking, profiling, or advertising purposes.
The legal basis for processing registration data is Art. 6(1)(b) GDPR, insofar as processing is necessary for the performance of a contract or pre-contractual measures. If consent is obtained for certain features, the legal basis is Art. 6(1)(a) GDPR.
The data will be stored for as long as your account exists and as long as necessary to fulfill contractual or legal obligations. After deletion of the account, data will be deleted unless legal retention periods require otherwise.
If you contact us by email or via a contact form within the app, the personal data you provide will be stored by us.
This may include:
The data is processed solely for the purpose of handling your inquiry and communicating with you.
If your inquiry is related to a contract or pre-contractual measures, the legal basis is Art. 6(1)(b) GDPR. In all other cases, the processing is based on our legitimate interest in handling inquiries efficiently pursuant to Art. 6(1)(f) GDPR, or on your consent pursuant to Art. 6(1)(a) GDPR where applicable.
The data will be deleted once your inquiry has been conclusively processed, unless statutory retention obligations apply.
If the app offers push notifications, these will only be sent if you have enabled them on your device or given your consent where required.
Push notifications may be used to provide important app-related information, updates, reminders, or service messages.
The legal basis for sending push notifications is your consent pursuant to Art. 6(1)(a) GDPR, where required.
You can deactivate push notifications at any time in your device settings or within the app settings, if available.
The app provides access to digital content for registered users.
Access to certain content within the app may require a valid user account.
The app itself does not offer any in-app purchases, subscriptions, or payment processing.
The app does not process or store any payment-related data.
The processing of user data for authentication and access to content is based on Art. 6(1)(b) GDPR, as it is necessary for the performance of a contract.
We may process usage data in order to analyze how the app is used, improve app performance, enhance usability, and further develop our services.
Depending on the app configuration, this may include:
We use Firebase Crashlytics, a crash reporting service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to identify and fix technical issues in the app.
Firebase Crashlytics may process technical information such as device type, operating system version, app version, time of the crash, and crash logs. This data is used solely to ensure the stability, security, and functionality of the app and to fix errors.
The data collected through Crashlytics is used exclusively for technical diagnostics and cannot be used to personally identify users.
We do not use Firebase Crashlytics for advertising purposes or cross-app tracking.
We do not use any tracking technologies that allow us to track users across apps or websites.
No user profiling, behavioral tracking, or advertising-related data processing takes place within the app.
We do not use any tracking technologies for advertising purposes.
Where such analytics are strictly necessary for the operation and security of the app, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the technical stability and reliability of the app.
You may object to processing based on legitimate interests where applicable, or withdraw previously granted consent at any time with effect for the future.
We share personal data with third parties only where this is necessary to provide the app, fulfill contractual obligations, comply with legal obligations, or where you have given consent.
Recipients may include in particular:
Where external service providers process data on our behalf, this is done on the basis of appropriate data processing agreements in accordance with Art. 28 GDPR.
In the course of using the app, personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA), in particular to the United States.
Such transfers may occur, for example, when using technical service providers such as Firebase Crashlytics, which may process data on servers located outside the EU/EEA.
We ensure that any such transfers are carried out in compliance with applicable data protection laws. In particular, data transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission or other legally recognized mechanisms.
Where required, we also rely on adequacy decisions issued by the European Commission or comparable legal bases to ensure an adequate level of data protection.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights:
You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, access to that personal data and further information about the processing.
You have the right to request the correction of inaccurate personal data concerning you and the completion of incomplete personal data.
You have the right to request the deletion of your personal data where the legal requirements are met.
You have the right to request restriction of processing under the conditions set out in Art. 18 GDPR.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another controller where the legal requirements are met.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data where such processing is based on Art. 6(1)(e) or (f) GDPR.
You have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
We reserve the right to amend this Privacy Policy from time to time in order to reflect legal, technical, or business developments. The current version published in the app shall apply.
If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us at:
Kerstin Wartberg
Tulpenstraße 19
59909 Bestwig
Germany
Email: mail@imtex-online.com