Privacy policy Qundo app

Overview

Responsible for data collection

 
Qundo Technology GmbH
c/o Schumpeter Ventures GmbH
Ackerstraße 29 10115 Berlin
kontakt@qundo.de
   
 

Which of your data do we use?

  List of Data
     

How we use your data?

  List of Purposes
     

Legal basis for the use of your data

  Overview of the Relevant Legal Bases
     

Your rights

  Detailed Explanation
     

How long we use your data?

  Storage Periods in Detail
     

Where do we store your data?

  Storage Locations in Detail
     

With whom we share your data?

  Our Partners
     

We use “Cookies”

  For these Purposes
     

The all-inclusive privacy policy

  of the Qundo Technology GmbH you can see here
     

Alternatively you can also

  receive it by E-Mail
     

Data Protection Officer

 
Qundo Technology GmbH
attn. Data Protection Officer
c/o Schumpeter Ventures GmbH
Ackerstraße 29 10115 Berlin
datenschutz@qundo.de
     

Version and Date

  Version 2.0, March 2022

List of Data

We process and use the data shown here.
They are in principle personal, means that a natural person can be identified with their help, compare Art. 4 Nr. 1 DS-GVO.

 

Type of Data

 

Details

 

Examples

 
             
  Log-data   Log data are basically event data that arise from certain actions. They are created automatically by the web servers and are necessary in order to be able to display content from the www on a terminal device.  
  • IP-address of the requesting device
  • Timestamp
  • Operating system of the end device
  • Used browser
  • Amount of data
  • From which website the data is requested
 
             
  Metadata  
  • When was the Qundo app accessed?
  • How long was the Qundo app used?
 
  • Timestamp
  • IP-address
  • Operating period
 
             
  Identification-data   Your identification data basically consists of your ID card and the images of your face.  
  • A picture of your identity card and the values shown and contained on it
  • Images of your face
 
             
  Communication and content data   Communication data is data that we use together in order to be able to communicate with each other. Content data is the data that is the content of our communication, possibly also in the form of attachments.  
  • E-Mail-address
  • Surname, First Name (basically voluntary, but facilitates the conversation)
  • Content data, e.g. your request, background information
 
             
  Crash data via Firebase Crashlytics (depending on your consent)   Crash data is data about the state of your terminal device at the moment before the system crash. In order to provide us with anonymized crash reports, Firebase Firebase Crashlytics collects information in case of a crash or malfunction (crash) of the app and transmits it to Google servers in the US. Your IP address is required for this transmission. The crash reports provided to us do not contain any personal data, on reason which we could trace your identity.  
  • IP-address of the used terminal device
  • State of the app before system crash
  • Installation-UUID
  • Crash-trace
  • Manufacturer and operating system of the used terminal device
  • Last log messages
 

List of Purposes

We process your data for different purposes:

 

Type of Data

 

Our Understanding

 

Usage Purposes

 
             
  Log-data   Log data is basically event data that is created during certain actions. They are automatically created by the web servers and are necessary to display content from the www on a terminal device.   Log data is required to deliver our app to you. Without this data, the Qundo app cannot be accessed or used and you cannot have your identity verified through us.  
             
  Metadata   Metadata is structured data that contains information about characteristics of other data. For example, it includes information about the duration of use of a service or the traffic generated.   They help us to understand how our application is used:
  • whether our servers still have sufficient resources, or
  • whether our infrastructure might be abused
 
             
  Identification data   Your identification data basically consists of your ID card and the images of your face.   We use this data to verify your identity.
  • We check your ID for authenticity by checking the security features it contains
  • We compare your ID picture with the images we create of you
 
             
  Communication and content data   Communication data is data that we share in order to be able to communicate with each other. Content data is the data that is the content of our communication, possibly also in the form of attachments.   If you send us an e-mail to the addresses provided (kontakt@qundo.de or datenschutz@qundo.de) we will at least receive your sender e-mail address and the data that you make accessible to us in this message.  
             
  Crash data, Firebase Crashlytics (depending on your consent)   Crash data is data about the state of your terminal device at the moment before the system crash. This includes the type of operating system used, information about malfunctions during operation (type of malfunction, time of the malfunction, duration of the malfunction, use of the app at the time of the malfunction), device information and your IP address, which is required for sending this information.   If you have given us your consent to use Firebase Crashlytics: Based on the data described above, we can obtain an overview of various malfunctions or problems in the operation of the app when they occur, and we can evaluate them based on their relevance for use, in order to ensure efficient troubleshooting and the stability of the app. In this case, the data processing is based on your consent pursuant to Art. 6 (1) p. 1 lit. a) DS-GVO.  

Overview of the Relevant Legal Bases

Any use of personal data requires a legal basis. In principle, you can find the possible legal bases in Art. 6 DS-GVO.

 

Type of Data

 

Legal Base

 

Explanation

 
             
  Log-data   Legitimate interest, Art. 6 para. 1 p. 1 lit. f) DS-GVO   We both have a legitimate interest in the technically error-free presentation and optimization of our application.  
             
  Metadata   Legitimate interest, Art. 6 para. 1 p. 1 lit. f) DS-GVO   We both have a legitimate interest in the technically error-free presentation and optimization of our application.  
             
  Identification data   Explicit consent, Art. 9 (2) a), Art. 7 DS-GVO   Identification data is rightly subject to special protection. You have voluntarily chosen to use our app despite a less invasive option. These pages inform you about possible risks.  
             
  Communication and content data   Carrying out (pre-)contractual measures, Art. 6 para. 1 p. 1 lit. b) DS-GVO   When using the app, we are both in a (pre-)contractual relationship with each other: You use our services and we are obligated to be considerate towards each other. By sending the request, you initially enter into contact with us.  
             
  Crash data via Firebase Crashlytics (depending on your consent)   Consent, Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO   Before starting the identification process, we ask you to agree to the use of Firebase Crashlytics. Of course, you can also use our app without having agreed to the use. Nothing will change for you in terms of functionality.  

Your Rights

You have a whole range of rights towards us, which we will gladly explain to you in the following lines.
First of all: You can claim them by sending us an informal message. Either to Qundo Technology GmbH or our data protection officer.

 

Your Right

 

Findspot

 

Description

 
             
  Right of providing information   Art. 15 DS-GVO   You have the right to request information and confirmation from us as to whether we process your personal data, what this is and with whom it is shared, if applicable. For this purpose, you will receive a machine-readable copy of this data from us.  
             
  Right to correct your data   Art. 16 DS-GVO   If your personal data is incorrect or incomplete, we will be happy to correct it.  
             
  Right to delete your data   Art. 17 DS-GVO   Upon your legitimate request, we will delete your personal data and confirm this deletion. However, there may be reasons why deletion (at least in part) is not possible, e.g. if we are required by law to retain data.  
             
  Right to restrict the processing of your data   Art. 18 DS-GVO   You can also request us to stop further processing of your personal data. However, a few conditions must be met for this. We will inform you when the restriction is lifted.  
             
  Right to data portability   Art. 20 DS-GVO   You may request us to provide you with your personal data in a structured, commonly used and machine-readable format, or to transfer it directly to another controller.  
             
  Right of objection   Art. 21 DS-GVO   If we process data from you on the basis of our legitimate interest, cf. list of data and/or overview of relevant legal bases, you may request that this processing ceases.  
             
  Right not to be subject to automated decision-making   Art. 22 DS-GVO   You can object to an automated decision at any time. However, we would like to point out that we do not carry out such processing. We only provide our client with information about your identity. A decision for or against you is made by him.  
             
  Revocation of consent once given   Art. 7 Abs. 3 DS-GVO   Of course, you also have the right to revoke a consent that you once gave us.  

You can claim the aforementioned rights by sending us an informal message. Either to Qundo Technology GmbH, or our data protection officer.
In addition, you also have the right to contact a supervisory authority if you believe that a data use violates the GDPR.

  Right to complain to a supervisory authority   Art. 77 DS-GVO   You have the choice of which supervisory authority you would like to contact. The Data Protection Conference of the Federal States has a overview of the supervisory authorities in the BRD compiled, to which we refer here.  

Storage Periods in Detail

In principle, we use your data until the purpose of use is fulfilled. Depending on the type of data, this may vary.

 

Type of Data

 

Storage Duration

 

Examples

 
             
  Log-data   Log data is stored by us for a period of 30 days after the app usage has ended.   App usage ends on 01.01.2022, data will be automatically deleted on 01.31.2022.  
             
  Metadata   Metadata is stored by us for a period of 14 days after the app usage ends and is then anoymized.   App usage ends on 01.01.2022, data will be automatically anonymized on 01.15.2022.  
             
  Identification data  
  • Your identification data will be stored by us until the client has retrieved them, up to a maximum of 14 days.
  • Within the framework of the Money Laundering Act, our client may be obliged to retain this data for a period of up to five years or, in accordance with commercial or tax law requirements, for a period of up to 10 years.
 
  • Identity verification was completed on 01.01.2022. For our part, after an iterative reminder process to our client, your data will be automatically deleted on 01.15.2022.
  • This does not affect a possible further obligation to store your data with our client. To find out how long our client stores this data, please contact them.
 
             
  Communication and content data   Communication and content data will be stored by us until your request is completed and no further queries are expected, usually 3 months after the last contact.  
  • If you were last contacted on 01.01.2022, if we were able to deal with your request and if we do not expect any further queries, we will automatically delete the data on 04.01.2022.
  • However, it is conceivable that a different storage period may result depending on the content, for example, if we retain data for you because you or we need it to enforce a right. In this case, we delete the data on your notice beziehngsweise when this purpose has ceased to exist.
 
             
  Crash data via Firebase Crashlytics (depending on your consent)   The data collected by Google to provide aggregated and anonymized crash reports will be stored for a maximum period of 14 months.   If you want to revise your decision in the current identification process, you have to start the identification process from the beginning.  

Storage Locations in Detail

Some of your data is stored in different places. Where, we list it for you.

 

Type of Data

 

Storage Location

 

Is the Data there Secure?

 
             
  Log-data   On our servers at AWS Europe SARL. Agreed server location is Frankfurt am Main.   Your data is stored there in encrypted form. AWS itself never has access to data in plain text.  
             
  Metadata   On our servers at AWS Europe SARL. Agreed server location is Frankfurt am Main.   Your data is stored there in encrypted form. AWS itself never has access to data in plain text.  
             
  Identification data   On our servers at AWS Europe SARL. Agreed server location is Frankfurt am Main.   Your data is stored there in encrypted form. AWS itself never has access to data in plain text.  
             
  Communication and content data   When you send us an email, it is processed on our side by Microsoft365 services. Agreed server location is Germany.   Microsoft encrypts data during transport by default. According to Microsoft itself, it does not have access to content data in plain text at any time.  
             
  Crash data via Firebase Crashlytics (depending on your consent)   Google processes the data in one of its data centers: https://www.google.com/about/datacenters/locations/   Data transmission is contractually secured via standard contractual clauses. IT security is certified according to ISO27001, SOK1, SOC 2 and SOC3: https://firebase.google.com/support/privacy  

Our Partners

We can’t do without partners completely, but we have selected them carefully and check them regularly. Here we present them to you.

 

Partner

 

Address

 

Task

 
             
  AWS EMEA SARL.   Service provider:
AWS EMEA SARL:
38 Avenue John F. Kennedy
L-1855 Luxembourg
Parent company:
Amazon, Inc.
2111 7th Avenue
Seattle, WA 98121, USA
  Our website www.qundo.de is hosted by Amazon. Amazon also operates the data center where we run our servers that provide and perform our service.  
             
  Microsoft365   Service provider:
Microsoft Ireland Operations limited
One Microsoft Place
South County Business Park, Leopardstown
Dublin 18, Ireland
Parent company:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399, USA
  General administrative tasks and communication services.  
             
  Google   Service provider:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Parent company:
Alphabet Inc.
Googleplex, Mountain View
California, USA
  Firebase Crashlytics. Evaluate information about system crashes while using the Qundo app.