Data protection

This data protection declaration gives you an overview of the processing of your personal data in the context of the use of the offers and online services in the “Uniwhere” app, available for iOS and Android (hereinafter referred to as the “service” or the “app”) . This data protection declaration also informs you about your rights and the options you have to control your personal data and protect your privacy

Who is responsible for data processing and who can I contact?

Uniwhere UG (limited liability) Brunnenstr 64, 13355 Berlin District Court Charlottenburg (Berlin) HRB182022B is responsible for data processing. This company is also meant when the terms we or us are used in the following.
You can reach our company data protection officer at:
Data protection officer
Uniwhere UG (limited liability)
Brunnenstr 64, 13355 Berlin
Charlottenburg District Court (Berlin) HRB182022B
privacy@uniwhere.com

2. What personal data do we process and where do they come from?

When we provide the service for you to use, we process personal data from various sources. On the one hand, this is data that we collect automatically when you open the app. However, this can also be data that you have voluntarily provided to us.

Data that we collect automatically

As soon as you open the app, you send technical information to our web server. This happens regardless of whether you then register with an account with us to use the service or not. In any case, the are recorded every time you open it App:

Firebase und Google Analytics

So we process the above data about how you access the service and how you use it. If the app stops working or has to be restarted due to a system error, we also record this. We process information about the people , Functions, content and links that you deal with when using the app.

We use Google Analytics in connection with Firebase to process this data. Firebase is a real-time database with which real-time information can be embedded in your own app. The above-mentioned user data is transmitted anonymously to Firebase. Firebase is a Google subsidiary and is based in San Francisco (CA), USA. You can find Firebase’s privacy policy at https://www.firebase.com/terms/privacy-policy.html.

The data collected by Google Analytics about the use of the app is usually transferred to a Google server in the USA and stored there. IP anonymization has been activated in the app so that the IP address of Google users within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened beforehand. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. Google Analytics is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 (Google). If personal data is exceptionally transferred to the USA, a data protection level appropriate to the level of data protection in the EU is ensured by Google’s certification according to the so-called “Privacy Shield Agreement” between the EU and the USA (https: //www.privacyshield. gov / participant? id = a2zt000000001L5AAI & status = Active). On our behalf, Google will use this information to evaluate the use of the app by users, to compile reports on app activities and to provide us with other services related to app use and internet use.

The IP address transmitted by your device as part of Google Analytics will not be merged with other Google data. You can prevent the storage by a corresponding setting in the operating system of your device. Then, however, you may not be able to use all the functions of the app to their full extent. You can also prevent Google from collecting the data relating to the use of the app (including the IP address) and from processing this data by Google by downloading and installing the plugin available under the following link. The current link is: http://tools.google.com/dlpage/gaoptout

You can find more information on Google Analytics at: http://google.com/intl/de/analytics/privacyoverview.html.

Note on the use of Facebook Custom Audiences

It is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (Facebook EU), which also includes data sent to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (Facebook USA; together with Facebook EU as a whole Facebook). Like Google, Facebook USA is certified according to the Privacy Shield Agreement and therefore offers an appropriate level of data protection outside the EU (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

So-called Facebook pixels are integrated into our app, which you, as the user of our app, anonymously, i.e. without identifying you as a person. If you log in to Facebook later, a non-reversible and therefore non-personal checksum (profile) from your usage data will be sent to Facebook for analysis and marketing purposes. Further information on the purpose and scope of data collection and the further processing and use of data by Facebook as well as your setting options to protect your privacy can be found in Facebook’s data protection guidelines, which can be found at https://www.facebook.com/legal/terms / customaudience and https://www.facebook.com/privacy/explanation can be found. If you would like to object to the use of Facebook Custom Audiences, you can do this at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen/

However, even if you are not a member of Facebook, Facebook will receive and save your IP address according to its own data protection information (https://www.facebook.com/policies/cookies/) and will receive information when you use our app, including device information (Operating system, hardware version, device settings, file and software names and types, battery and signal strength), device identifiers, device locations, including certain geographic locations, e.g. B. via GPS, Bluetooth or WiFi signals, connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number) and information about your activity. According to Facebook, only an anonymized IP address is processed.

data that you provide to us yourself

In addition to the data that we receive from all visitors, we also process other data. The exact scope of this data depends on how you use the service. This includes:

Account and profile data:

In order to use the service, you do not need to create a user account (a “profile”) and do not provide us with any data for this. However, we will ask you for your login data that you received from your university in order to log into the online services of your university (your “university data”). With this data, you can then use the app to access your data stored at your university, such as curricula, timetables or meal plans.

If you create a profile, we will assign you a so-called unique user ID. In addition to your profile name, this unique user ID allows us to be able to clearly assign your profile.

contact and location data

For the use of the service, you can grant us access to all the contact data you have imported on your device (such as an address book in a device) or access to location data transmitted by your device (e.g. via GPS). However, we will never process this data without your prior express consent. You can then give us this consent separately via the user interface

Other data that we process if you have a profile:

As soon as you have logged in with your university data via our app, we process the data from the network of your university. These are:

If you use the functions of the app and e.g. We will also process this data for lectures and examinations, evaluating or commenting or using the chat function.

Use of Google APIs

Uniwhere's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

3. For what purposes do we process your data and on what legal basis do we do this?

We process your data exclusively for the following specified purposes:

Here we rely on various legal bases according to the so-called General Data Protection Regulation, an EU-wide legal framework for the unification of data protection law (GDPR for short). We refer to the following legal bases:

Consent (Article 6 Paragraph 1 a GDPR)

If you have given us your consent to the processing of personal data for specific purposes, this consent ensures the legality of the processing. When registering with your university data, you expressly consent to the use for the purposes described in detail in this data protection declaration by sending a checkmark before sending the registration form. So if we process your data, it is because you have expressly allowed us to do so when you registered or visited the site. Thus, Article 6 Paragraph 1 a GDPR is the most important legal basis for the processing of your personal data by us

To fulfill contractual obligations (Article 6 Paragraph 1 b GDPR)

The processing of personal data takes place at the same time for the provision of the service within the scope of the implementation of our contract with you. In many cases, the processing is not justified only on the basis of your consent, but also because it is necessary to fulfill our contract with you .

As part of the balancing of interests (Article 6 Paragraph 1 f GDPR)

When you register for the use of the service, you consent to the processing of your data in accordance with this data protection declaration. That is why we process your data exclusively because you have allowed us to process it. Nevertheless, there are some cases in which we would be entitled to processing without your consent because it is necessary to protect our legitimate interests (or the interests of third parties). In this respect, the purposes for which we process your data also represent legitimate interests.

Due to legal requirements (Article 6 Paragraph 1 c GDPR) or in the public interest (Article 6 Paragraph 1 e GDPR)

We are also legally obliged to provide certain information to law enforcement or financial authorities on request in individual cases.

4. To whom do we transmit your data?

We treat your personal data with care and confidentially and will only pass this on to the third party and not beyond.

Other users:

Since our services are social networks, it is in the nature of things that we provide your profile data and other data (e.g. messages that you write or reviews that you submit) at your request and on your behalf to the relevant users forward the service.

Third:

In addition, we transmit data to external service providers who enable us to provide the service. This includes our hosting provider Amazon Web Services and Google Inc. as operator of the analytics platform Google Firebase. We each require these service providers to adhere to strict rules to ensure the security of your data when processing personal data on our behalf

We only transmit data to authorities in the event of a legal obligation due to a request for information from the respective authority.

5. Do we transfer your data to countries outside the EU or the EEA?

We do not transfer your data to countries outside the EEA. We do not host your data in third countries and all of our servers are located in the EEA. We also take the protection of your personal data very seriously and have taken appropriate technical and organizational measures to protect your data against unauthorized or unlawful processing and against its accidental loss, destruction or damage. We encrypt all data exclusively via SSL with a verified 256-bit certificate

Due to the use of Google Firebase, the data collected is also transmitted to the USA. Google Analytics data about the use of the app are usually transferred to a Google server in the USA and stored there. However, Google will shorten the IP address before it is transferred to the USA within member states of the European Union or in other contracting states of the EEA. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. The USA is a so-called third country, i.e. a country outside the EEA, in which an adequate level of data protection is generally not guaranteed. However, Google is certified under the so-called Privacy Shield, so that despite the transfer to the USA there is a sufficient guarantee of an adequate level of data protection

6. How long will my data be saved?

We process and store your personal data as long as it is necessary to fulfill our contractual or legal obligations. We therefore store the data as long as our contractual relationship with you exists and only after termination, insofar as the laws of the Federal Republic of Germany require it. All other data will be deleted immediately when you unsubscribe from the app. If the other data are no longer required for the fulfillment of such obligations, they will be deleted regularly, unless their further processing is necessary for the preservation of evidence within the framework of statute of limitations.

7. Do you create a user profile with my personal data?

We use your data for so-called profiling. This means that we use your data to provide you with a personalized service based on your personal preferences, interests and based on your previous behavior, e.g. to make tailor-made offers. So we will e.g. Show job and apartment offers or teaching materials that match your profile and interests. However, we will never process and analyze your personal data in the context of profiling in such a way that this leads to an automated decision that has legal effect on you or similarly significantly affects you.

8. Is there an obligation for me to provide data? What happens if I no longer or no longer provide my data?

You are not legally obliged to provide us with the above data. In principle, the contractual relationship that you have entered into with us by agreeing to our terms and conditions does not result in any obligation to provide this personal data. However, the transmission of the mandatory information is a basic requirement for a contract with us. In addition, you cannot or only use the service to a limited extent if you do not provide us with certain data or contradict its use. Because our service represents a social media offer that essentially only becomes “alive” through the content set by the users.

9. What rights do I have in relation to your data processing?

According to the GDPR, you can assert the following rights against us:

Your right to information under Article 15 GDPR,
Your right to correction under Article 16 GDPR,
Your right to deletion under Article 17 GDPR,
Your right to restriction of processing according to Article 18 GDPR as well
Your right to data portability from Article 20 GDPR.

In addition, you have the right to lodge a complaint with the responsible data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into effect, i.e. before May 25, 2018. However, this revocation only applies to the future. Processing that took place before the revocation is not affected.

Information about your right to object according to Article 21 GDPR

1. Individual right to object

In addition to the rights already mentioned, you have the right, for reasons that arise from your particular situation, at any time against the processing of personal data relating to you based on Article 6 (1) e GDPR (data processing in the public interest) and Article 6 Paragraph 1 f GDPR (data processing on the basis of a balance of interests) takes place to object; this also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR. If you file an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Please also note the information under Section 8 of this data protection declaration: If we stop processing due to your objection, it may be the case that the service can no longer be made available to you or only to a limited extent.

2. Right to object to the processing of data for advertising purposes

You also have the right to object to the processing of your personal data for direct marketing purposes at any time; this also applies to profiling insofar as it is connected to such direct advertising. If you file an objection, we will no longer process your personal data.
The objection can be made form-free and should be addressed to: privacy@uniwhere.com