Patavinus privacy policy

Last update: 08/12/2019

preamble

This service (hereinafter "app") is provided by Patavinus UG, Barbiergasse 6, 90443 Nuremberg, service@olaf.app.com (hereinafter "we" or "us") as the person responsible within the meaning of the applicable data protection law.

OLAF-App is an online lost and found app.

The app can enable the owner of lost items to easily retrieve them. If an owner has provided his valuable item with a QR code generated and activated in the OLAF-App and if the owner has activated this QR code on the OLAF platform (hereinafter "owner"), a finder of the valuable item (hereinafter "finder") can use the OLAF-App contact the owner and both can agree on the type of handover of the valuable item.

Through the app we enable you to call up and display chats between the owner and the finder of lost objects and - under certain conditions set out below - the owner to call up the codes with which he has provided the object.

When using the app, we may process personal data about you. Personal data is understood to mean all information that relates to an identified or identifiable natural person. Because the protection of your privacy when using the app is important to us, we would like to provide you with the following information about which personal data we process when you use the app and how we handle this data. In addition, we will inform you about the legal basis for the processing of your data and, insofar as the processing is necessary to safeguard our legitimate interests, also about this.

You can call up this data protection declaration at any time under the menu item "Data protection" within the app.

1. Information on the processing of your data

Certain information is processed automatically as soon as you use the app. We have listed for you which personal data is processed in the following:

1.1 Information that is collected when the app is downloaded (owner only)

When the owner downloads the app, certain required information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store), in particular the user name, the email address, the customer number of your account, the time of Downloads, payment information and the individual device code are processed. The processing of this data takes place exclusively through the respective app store and is beyond our sphere of influence.

1.2 Information that is collected automatically (owner and finder)

When you use the app, we automatically collect certain data that is required for using the app. This includes: Log files, among other things, the version of your operating system and the time of access.

This data is automatically transmitted to us, but not stored in our database, (1) in order to provide you with the service and the associated functions; (2) to improve the functions and features of the app and (3) to prevent and eliminate misuse and malfunctions.

This data processing is justified by the fact that (1) the processing is necessary for the fulfillment of the contract between you as the data subject and us in accordance with Art. 6 Para. 1 lit.b) GDPR to use the app, or (2) we have a legitimate interest have to ensure the functionality and error-free operation of the app and to be able to offer a service that is in line with the market and interests, without affecting your rights and interests in the protection of your personal data within the meaning of Art. 6 Para. 1 lit. f) GDPR predominate.

1.3 Creation of a user account and registration (owner only)

If you as the owner create a user account and log in, we only use a randomly generated device ID, which is stored both on your device and in our database for purposes of comparison and assignment.

We use the device ID to anonymously authenticate you as the owner when logging in. The data you enter during registration and a login will be processed and used by us, (1) to verify your authorization to manage the user account; (2) to enforce the terms of use of the app as well as all related rights and obligations and (3) to get in contact with you to send you technical or legal notices, updates, security messages or other messages concerning the administration of the user account be able.

In addition, you can voluntarily provide the following information during registration: QR codes for your valuables, email address, information about the type of your valuable object, name of your chat. We use voluntary information to display it in accordance with the settings you have made in the app. This includes in particular the sending of push notifications to the email address you provided.

This data processing is justified by the fact that (1) the processing is necessary for the fulfillment of the contract between you as the data subject and us in accordance with Art. 6 Para. 1 lit.b) GDPR to use the app, or (2) we have a legitimate interest have to ensure the functionality and error-free operation of the app without your rights and interests in the protection of your personal data within the meaning of Art. 6 Paragraph 1 lit.

1.4 Use of the app (owner and finder)

The main object of the app is the sending and receiving of chat messages between the owner of valuables and a finder of an object of value provided with a Patavinus QR code. Both the owner and the finder can enter information within the app. These chat messages are stored in our database. The owner can delete the messages. The finder cannot delete the messages. The Finder needs internet access to send chat messages. This is required to save your entries on our servers.

Separate note:

The chats sent via the app / website can be viewed by anyone who enters the relevant QR code on the website. This should support the sense and purpose of the app so that a finder can easily contact an owner of an object of value. We advise against posting personal information such as name, address, telephone number in the chat. In the end, no personal information is required to hand over an item of value: it is sufficient to agree on a safe (e.g. bright and well-attended) handover location. Ultimately, the finder is also free to hand in the found object of value in a public lost property office or at another public location, e.g. a restaurant, company gate. The finder can anonymously inform the owner of this via the app.

The owner can grant the following authorizations on a voluntary basis:

  • Camera access: This is required if you do not enter the QR codes by hand but want to scan them with the help of the camera.

  • Push messages: These are required if you want to be notified, for example, via chat messages from a finder. We also use push notifications to inform you about innovations in the Patavinus service.

The processing and use of usage data takes place in order to provide the service. This data processing is justified by the fact that the processing is necessary for the fulfillment of the contract between you as the data subject and us in accordance with Art. 6 Para. 1 lit. b) GDPR to use the app, or (2) we have a legitimate interest in to guarantee the functionality and error-free operation of the app without your rights and interests in the protection of your personal data within the meaning of Art. 6 Paragraph 1 lit.

2. Disclosure and transfer of data

A transfer of your personal data, insofar as it is available to us, without your express prior consent, takes place in addition to the cases explicitly mentioned in this data protection declaration only if it is legally permissible or necessary. This can be the case, among other things, if the processing is necessary to protect the vital interests of the user or another natural person.

2.1

If it is necessary to investigate illegal or improper use of the app or for legal prosecution, personal data will be forwarded to the law enforcement authorities or other authorities and, if necessary, to harmed third parties or legal advisers. However, this only happens if there are indications of illegal or abusive behavior. A transfer can also take place if this serves to enforce terms of use or other legal claims. We are also legally obliged to provide information to certain public bodies upon request. These are law enforcement authorities, authorities that prosecute administrative offenses that have been fined, and the tax authorities.

Any transfer of personal data is justified by the fact that (1) the processing is necessary to fulfill a legal obligation to which we are subject in accordance with Art. 6 Para. 1 lit. or (2) we have a legitimate interest in passing on the data to the named third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art . 6 para. 1 lit.f) GDPR do not prevail.

2.2

The protection of your data is important to us. Therefore, as far as we are dependent on it for the provision of our service, we use the following external companies and external service providers who are based in the EU and operate exclusively with servers in the EU for the provision of our service. Currently these are:

  • Hetzner Online GmbH, among other things, for server hosting

  • Mailjet GmbH among other things for an automatic email dispatch

Any transfer of personal data is justified by the fact that we have carefully selected our external companies and external service providers as contract processors within the framework of Art. 28 Paragraph 1 GDPR, regularly checked them and contractually obliged to process all personal data exclusively in accordance with our instructions.

2.3

As part of the further development of our business, the structure of our company may change, as the legal form is changed, subsidiaries, parts of companies or parts of the company are founded, bought or sold. In such transactions, the customer information may be passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection declaration and the applicable data protection law.

Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances if necessary and your rights and interests in the protection of your personal data within the meaning of Art. 6 Para. 1 lit. f) GDPR do not predominate.

3. Changes in purpose

Your personal data will only be processed for purposes other than those described if a legal provision allows this or you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes before further processing and provide you with all other relevant information.

4. Data retention period

We delete or anonymize your personal data as soon as they are no longer required for the purposes for which we collected or used them in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app plus a period of 30 days, during which we keep backup copies after deletion, unless this data is used for criminal prosecution or for backup, Assertion or enforcement of legal claims are required longer.

Specific information in this data protection declaration or legal requirements for the storage and deletion of personal data, in particular those that we have to keep for tax reasons, remain unaffected.

5. Your rights as a data subject

5.1 Right to information

You have the right to request information from us at any time about the personal data relating to you processed by us within the scope of Art. 15 GDPR. To do this, you can send an application by post or email to the address given below.

5.2 Right to correct incorrect data

You have the right to request us to correct your personal data without delay if it is incorrect. To do this, please use the contact addresses given below.

5.3 right to erasure

You have the right, under the conditions described in Art. 17 GDPR, to request that we delete your personal data. These prerequisites provide for a right to erasure in particular if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the member state to which we are subject. For the period of data storage, see also section 4 of this data protection declaration. In order to assert your right to deletion, please use the contact addresses given below.

5.4 Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the correctness of the personal data is disputed between the user and us, for the duration that the correctness is required to be checked, as well as in the event that the user requests restricted processing instead of deletion with an existing right to deletion ; also in the event that the data is no longer required for the purposes we are pursuing, but the user needs it to assert, exercise or defend legal claims and if the successful exercise of an objection between us and the user is still controversial. In order to exercise your right to restriction of processing, please use the contact addresses given below.

5.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. In order to assert your right to data portability, please use the contact addresses given below.

6. Right to object

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6 Para. 1 lit. e) or f) GDPR, according to Art. 21 To insert GDPR. We will stop processing your personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

7. Right to complain

You also have the right to contact the responsible supervisory authority in the event of complaints. The responsible supervisory authority is: the Bavarian State Office for
Data protection supervision PO Box 1349, 91504 Ansbach, Germany

8. Contact

If you have any questions or comments about how we handle your personal data, or if you would like to exercise the rights listed under points 5 and 6 as a data subject, please contact Patavinus UG, Barbiergasse 6, 90443 Nuremberg, or service@patavinus.com.

If you have any questions or comments about the practical handling and operation of the app or support inquiries, please contact service@patavinus.com.

9. Changes to this data protection declaration

We always keep this data protection declaration up to date. We therefore reserve the right to change it from time to time and to update changes in the collection, processing or use of your data. The current version of the data protection declaration is always available under "Data protection declaration" within the app.