Data privacy policy

Collection and processing of data with the What's Left App

1. Amazon Web Services (AWS) Usage

We use the Amazon Web Services for our App:

Amazon Web Services EMEA SARL,
38 Avenue John F. Kennedy,
1855 Luxembourg (hereinafter: AWS).

When you use our app, your personal data is processed on AWS servers. You data is stored in Frankfurt in Germany. Personal data may also be transmitted to the parent company of AWS in the USA. The data transfer to the USA is based on the EU standard contractual clauses.

Details can be found here:
https://aws.amazon.com/en/blogs/security/aws-gdpr-data-processing-addendum/

AWS states on its website not to "access, use, or share customer data without one's agreement, except as required to prevent fraud and abuse, or to comply with law, as described in their Customer Agreement". Amazon also states "not to use customer data or derive information from it for marketing or advertising purposes."

More about data privacy:
https://aws.amazon.com/en/compliance/data-privacy/?nc1=h_ls

For more information, please see the AWS Privacy Policy:
https://aws.amazon.com/en/privacy/?nc1=f_pr

2. TestFlight

You can download and use What's Left per TestFlight. You can find the TestFlight privacy policy here:
https://testflight.apple.com/#privacy-data

3. Downloading and using What's Left

Whenever you access and download our App, we collect from you and process the following personal data:

  • Language

Whenever you create a What's Left account and use the app functions available to you, we collect and process the following personal data:

  • information you voluntary submit to us:
    • E-Email address
    • Image of your supermarket receipts, and all the information associated to the receipt.
  • Language

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the legal notice. Furthermore, you have the right to file a complaint with the competent supervisory authority.



Collection and processing of data on our website

1. General notes and mandatory information

Privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (eg communication by e-mail) holds security gaps. A complete protection of the data against access by third parties is not possible.

Note on the responsible person

The responsible party for data processing on this website is:

Emeline Sobotta
E-Mail: privacy@tellmewhatsleft.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Storage period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to apply. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax law or commercial law); in the latter case, the deletion will take place after these reasons cease to apply.

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obligated to release personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore happen that authorities such as intelligence services may process, evaluate and use your data stored on U.S. servers for surveillance and monitoring purposes, as well as permanently store it. We have no influence on these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority

In the event of violations of data protection law, the person concerned has the right to file a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company is based. A list of the data protection officers and their contact details can be found in the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to delete, correct or block information about your stored personal data, its origin and recipient. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the legal notice.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in following cases:

  • If you dispute the accuracy of the personal data we have stored about you, we usually need time to check this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion
  • If you have filed an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Objection to advertising mails

The use of contact information published within the legal notice to send advertising and information materials not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

2. Hosting with Amazon Web Services (AWS)

We host our website on AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter: AWS).

When you visit our website, your personal data is processed on AWS servers. Personal data may also be transmitted to the parent company of AWS in the USA. The data transfer to the USA is based on the EU standard contractual clauses. Details can be found here:
https://aws.amazon.com/en/blogs/security/aws-gdpr-data-processing-addendum/.

For more information, please see the AWS Privacy Policy:
https://aws.amazon.com/en/privacy/?nc1=f_pr.

The use of AWS is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

3. Data collection on our website

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Contact form

If you send us inquiries via the contact form, the information you provide in the form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and for the case of follow-up questions. We do not pass on this data without your consent

The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures.is necessary. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. (e.g. after the processing of your inquiry has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Request by e-mail, phone

If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. (e.g. after the processing of your request has been completed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

4. Plugins and Tools

Font Awesome (local Hosting)

This site uses Font Awesome for consistent font rendering. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers. For more information about Font Awesome, please see the Font Awesome privacy policy at:
https://fontawesome.com/privacy.

Google Web Fonts

This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support web fonts, a default font is used by your computer.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

Google Search Console

We use Google Search Console to technically monitor our website for errors. Google Search Console is a free service that allows us to monitor and manage our presence in the Google search index. There we get access to data and information that Google has about our website. No user or tracking data is transmitted to Google from our side. We only receive data from Google about our web presence.

Under https://policies.google.com/ you can find more information about Google's terms of use and privacy policy.

Google Analytics

Our website uses the web analytics service Google Analytics. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of our website. The information generated by cookies about your use of our website is usually transmitted to a Google server in the USA and stored there.

The legal basis for the processing of your data is the consent you have given via the cookie consent tool in accordance with Art. 6 (1) sentence 1 lit. a) DSGVO.

  1. IP anonymization

    We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

  2. Order processing

    We have concluded an order data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

  3. Storage period

    Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

  4. Objection to data collection

    You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

    You can also prevent the collection of data generated by the cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available at the following link to disable Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de. If you delete the cookies on your computer, you must set the opt-out cookie again.

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

You can find more information on data protection in Google's privacy policy: https://policies.google.com/privacy?hl=de&gl=de

YouTube with enhanced privacy

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your surfing behavior directly with your personal profile. to your personal profile. You can prevent this by logging out of your YouTube account. account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things to collect video statistics, improve the user experience, and prevent fraud attempts. prevent fraud attempts.

If necessary, further data processing processes may be triggered, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=en.

5. Actuality and change of this privacy policy

This privacy policy has been last updated on November 1st 2022.