Privacy Policy for the App "My DVD Collection" / "My Movie Collection" (Version 1.1)

I. General

1. Legal Basis for Processing Data

Personal data is processed in accordance with the GDPR. It is only processed after the user has given consent for this by accepting this privacy policy. The only exception is the case where processing of data is legally allowed without the user given consent. This can for example be the case when the processing is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.

2. Maximum Storage Time and Data Deletion

Any user related data is deleted shortly after the purpose for storage does not apply anymore. Data is also deleted in case a legal obligated storage period exceeds except when further storage is necessary by another legal obligation or for the performance of a contract in which the user is a participant.

3. Owner and Data Controller

Leif Both

Moritzstraße 37

44807 Bochum

Germany

Phone: +49 15206596155

E-Mail: leif.both@leifhacks-apps.com

II. Required Permissions

The app requires some permissions to work properly.

1. Internet Connection

A core functionality of the app is to request data via the internet. This requires the corresponding permission for internet connectivity.

2. In-App Purchases

The app offers the possibility to purchase a premium version of the app with additional functionalities. For this, it requires the corresponding permission for in-app purchases.

3. Push Notifications

The user is able to create a support ticket via the app. In order to be notified via push notifications in case of a response to the ticket, the user can grant the corresponding permission for push notifications. If the permission is not granted, no notification is sent to the user's device.

4. Camaera Access

The app provides the possibility to scan ISBN bar codes using the device's camera. This requires the corresponding permission.

III. On-Device Storage

1. Data Processing

1.1. Movie Collection

The own created movie collection is stored on the device. This includes all shelves, the wish list, and all movies and series contained therein (with covers). Furthermore, labels and the like are stored locally.

1.2. User Data

If the online mode with login is used, the following user data will be stored on the device: Name, e-mail address, app-specific user ID, added friends.

2. Legal Basis for Processing Data

The processing of the data described in 1.1 is a legitimate interest of the data controller and this interest is not overridden by the rights, interests or freedoms of the user. The personal data described in 1.2 will only be processed if the user has given his/her consent.

3. Purpose of Data Processing

Storing data on the device is required so it is available permanently (e.g. after restarting the device). This is mandatory for the app to work.

4. Storage Time

All processed data is stored as long as the app is installed or the user manually removes the data via the device's storage settings.

5. Possibilities for Objection and Data Removal

Any processed data stored on the device can be removed anytime via the device's storage settings or by uninstalling the app.

IV. Storage on the App Server

If the online mode with login is used, data is sent to the app server and stored there.

1. Data Processing

1.1. Movie Collection

The own created movie collection is stored on the server. This includes all shelves, the wish list, and all movies and series contained therein, including covers. Furthermore, labels and the like are stored.

1.2. User Data

The following user data is sent to the server: Name, app-specific user ID, device language, added friends.

2. Legal Basis for Processing Data

The personal data specified in the above will only be processed if the user has given his consent.

3. Purpose of Data Processing

Storage on the server is necessary so that they are available from different devices, or so that other users (if added as friends) can access them.

4. Storage Time

The collected data is stored as long as the app is installed. No later than 30 days after uninstallation, all the above data will be deleted from the server.

5. Possibilities for Objection and Data Removal

The data stored on the server can be deleted at any time under Help/Info → Privacy Settings → "Delete all data". Individual shelves can be set to "private" so that no other user has access to them anymore.

V. Authentifaction with Firebase

If the online mode with login is used, this login is done via Firebase.

1. Data Processing

The "My Movie Collection" app uses Firebase Authentication (https://firebase.google.com/docs/auth) to authenticate users. For this purpose, the login data used is sent to Firebase (example Gmail: Gmail address).

More information about Firebase and privacy can be found here:

https://firebase.google.com/support/privacy

2. Legal Basis for Processing Data

Above mentioned personal data is only processed after the user has given consent.

3. Purpose of Data Processing

The use of Firebase Authentication is necessary to ensure that only the user has access to his data and that the highest security standards apply when using login data.

4. Storage Time

Information on the duration of storage can be found on Firebase's privacy page:

https://policies.google.com/privacy

5. Possibilities for Objection and Data Removal

Information on possibilities of objection and removal can be found on the data protection page of Firebase:

https://policies.google.com/privacy

VI. Search Requests

Search queries are used to find film or series for a specific search term or EAN.

1. Data Processing

The requests are send to external services (see below). The providers of these services store basic information like IP address or device info for each request.

1.1. Search by search term

Search queries are processed using the TMDB API. More information about TMDB and data protection can be found here: https://www.themoviedb.org/privacy-policy

1.2. Search by EAN

Search requests for EANs are sent to the app server. No data beyond that specified in XIII. and XIV. is stored.

2. Legal Basis for Processing Data

Above mentioned personal data is only processed after the user has given consent.

3. Purpose of Data Processing

Search requests to online services are a useful way to access large databases and to use this information inside the app.

4. Storage Time

Further information on the storage time can be found on respective privacy pages.

5. Possibilities for Objection and Data Removal

Further information on Possibilities for Objection and Data Removal can be found on the respective privacy pages.

VII. Storage of User-generated Covers.

1. Data Processing

If the online mode with login is used, the app uses Cloud Storage for Firebase (https://firebase.google.com/docs/storage) to store user-generated images (from the gallery or with the camera) online. For this purpose, the image files are sent to Firebase.

More information about Firebase and privacy is located here:

https://firebase.google.com/support/privacy

2. Legal Basis for Processing Data

Above mentioned personal data is only processed after the user has given consent.

3. Purpose of Data Processing

The storage of data in the cloud storage is necessary so that it is available from different devices.

4. Storage Time

For more information on the storage period, please refer to the above-mentioned data protection page.

5. Possibilities for Objection and Data Removal

You can find further information on objection and deletion options on the respective data protection page.

VIII. In-App Purchases

1. Data Processing

In the scope of in-app purchases the Google Play Store (for the Android app) or App Store (for the iOS app) are processing data. This covers especially data related to electronic payment. The data is processed locally by the app and stored on the device.

Further information on Google resp. Apple and privacy can be found here:

https://policies.google.com/privacy

https://www.apple.com/legal/privacy/

Purchase details are furthermore sent to the app server. This includes purchase id, product id, status and date of purchase but no data related to electronic payment

2. Legal Basis for Processing Data

Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.

3. Purpose of Data Processing

Processing of above mentioned data is responsible to verify in-app purchases as well as the determination which contents have been bought in order to provide them adequately to the customer.

4. Storage Time

Further information on the storage time can be found on the Privacy Page of Google resp. Apple:

https://policies.google.com/privacy

https://www.apple.com/legal/privacy/

The data stored on the app server is deleted in case they are not necessary for the initial purpose anymore.

5. Possibilities for Objection and Data Removal

The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.

IX. Push Notifications

Push notifications are used to inform the user about answers to support tickets.

1. Data Processing

1.1. Firebase Cloud Messaging Token

After the app’s installation a random token is generated which is uniquely identifies the current installation of the app. This token is necessary to receive push notifications or to associate other data with the device.

1.2. Processing by Google Firebase

Push notifications are send by the app's Server to the Google Firebase servers in order to forward them to the associated device. Firebase is used as a transmitter only and cannot make any conclusions about the user. For further information about Google Firebase & Privacy please refer to:

https://policies.google.com/privacy

1.3. Processing on the app server

Token, device language and operating system (Android/iOS) are sent to the server and stored so that notifications can be delivered as desired.

2. Legal Basis for Processing Data

Above mentioned personal data is only processed after the user has given consent.

3. Purpose of Data Processing

Processing of above mentioned data is required to deliver push messages correctly.

4. Storage Time

Further information on the storage time can be found on the Privacy Page of Google:

https://policies.google.com/privacy

5. Possibilities for Objection and Data Removal

The user can deny the permission to send notifications.

X. Support Tickets

1. Data Processing

Support tickets created by the user as well as the message history are stored on the app server. In addition, device related data is stored in case permission for this is granted by the user. This includes the used Firebase Cloud Messaging Token or purchase information. This data is not stored together with other user related data like mail address or user name.

2. Legal Basis for Processing Data

Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.

3. Purpose of Data Processing

The temporary storage of support tickets is required to allow replying to the requests. Device related data is required to identify potential errors and bugs. They are NOT used for marketing purposes.

4. Storage Time

The data is deleted in case they are not necessary for the initial purpose anymore.

5. Possibilities for Objection and Data Removal

The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.

XI. User Interactions

1. Data Processing

Some user interactions are processed on the app server. This contains information about consent to this privacy policy, onboarding activities or pricing page accesses. Besides the Firebase Cloud Messaging Token no personal data is processed and stored for this purpose.

2. Legal Basis for Processing Data

Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.

3. Purpose of Data Processing

The processing and storage of the data described above is necessary to securely prove the purchase of in-app products or the consent of the user.

4. Storage Time

The data is deleted in case they are not necessary for the initial purpose anymore.

5. Possibilities for Objection and Data Removal

The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.

XII. Google AdMob

1. Data Processing

The free version of this app uses Google AdMob (https://admob.google.com/intl/de/home/) to display non-personalized advertisements.

Further information on Google and privacy can be found here:
https://policies.google.com/privacy

2. Legal Basis for Processing Data

Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.

3. Purpose of Data Processing

The Usage of Google AdMob to display ads is necessary to provide the app at no charge.

4. Storage Time

Further information on the storage time can be found on the Privacy Page of Google:

https://policies.google.com/privacy

5. Possibilities for Objection and Data Removal

The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.

XIII. Logs

1. Data Processing

The “My DVD Collection” Server stores anonymized data about access into log files. The following data is logged:

- Date and time of the access
- On requesting this privacy policy in the browser: used browser and OS, used device
- Used IP

This data is not stored together with other user related data. The user’s IP is anonymized for long term storage.

2. Legal Basis for Processing Data

Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.

3. Purpose of Data Processing

The temporary storage of the full IP address for the current session is mandatory in order to deliver the requested data to the user’s device.

The log files are stored in order to ensure the functionality of the server. They are used to identify potential errors and bugs, for optimization purposes and to ensure the security of the IT system. They are NOT used for marketing purposes.

4. Storage Time

The data is deleted in case they are not necessary for the initial purpose anymore. In case of session data this is the case after the session has ended. Log files are deleted after 14 days at the latest.

5. Possibilities for Objection and Data Removal

The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.

XIV. Server Provider

1. Data Processing

The “My DVD Collection” server is hosted by Netcup GmbH. The server is located in Germany. Netcup may store data about server accesses.

More information about Netcup and privacy can be found here:

https://www.netcup.de/kontakt/datenschutzerklaerung.php

2. Legal Basis for Processing Data

Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.

3. Purpose of Data Processing

Information on the purpose of data processing can be found on Netcup's privacy page:

https://www.netcup.de/kontakt/datenschutzerklaerung.php

4. Storage Time

You can find information about the duration of storage on Netcup's privacy page:

https://www.netcup.de/kontakt/datenschutzerklaerung.php

5. Possibilities for Objection and Data Removal

The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.