The Goodsouls app (the "App") and website (the "Website"), together "the Services", are designed with your privacy in mind. The processing of personal data shall always be in line with the General Data Protection Regulation (GDPR) and this data protection declaration.
By using any part of the Services, you agree with the following data protection declaration.
1. Name and address of the data controller
The Goodsouls App, Website, and Services are provided by Hakiro Media UG (haftungsbeschränkt). The data controller responsible for compliance with the General Data Protection Regulation as well as other data protection regulations, including the national data protection laws of the EU Member States, is:
Hakiro Media UG (haftungsbeschränkt)
2. General information about data processing
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (e.g. name or email address). An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Description and scope of data processing
We only collect data that is necessary and relevant to providing you with our Services. Insofar as personal data is collected on our Services, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.
All the incoming and outgoing data traffic between you, the App, the Website, and with third parties (e.g. Apple when using Sign-in with Apple) is encrypted via TLS. TLS encryption means that third parties cannot read the data transmitted.
We have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through the Services. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed.
2.3 Legal basis for collecting and processing personal data
Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing of your personal data for which we obtain consent for a specific processing purpose. When processing personal data that is necessary to fulfill an agreement with you, Art. 6 para. 81) (b) GDPR is the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR is the legal basis. In the event that your vital interests or those of another natural person require the processing of personal data, Art. 6 1 lit. d GDPR is the legal basis. If processing is necessary to safeguard our legitimate interest or that of a third party and if your interests, fundamental rights, and freedoms do not outweigh the former, Art. 6 para. 1 lit. f GDPR is the legal basis.
2.4 Data storage duration and deletion
Your personal data will be deleted as soon as the purpose for its storage no longer pertains. Your data may, however, continue to be stored if required by EU or national regulations, laws, or other provisions to which we are subject. Data will be deleted once the aforementioned retention periods expire, unless the further retention of the data is required to establish or fulfill a contractual relationship.
2.5 Disclosure of data to third-party service providers
We do not explicitly pass data to third-party service providers but some data have to go through third-party service providers to enable us to track bugs, etc. We will only pass on the data we collect if:
- You have given your explicit consent according to Art. 6 (1) (a) GDPR;
- Disclosure is necessary according to Art. 6 (1) (f) GDPR to establish, exercise, or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
- We are legally obliged to do so under Art. 6 (1) (c) GDPR; or
- This is required under Art. 6 (1) (b) GDPR for the processing of contractual relationships with you or for taking steps at your request before entering into a contract.
Our App can be downloaded onto your mobile device if you are at least 16 years old. The consent of your parents is required if you are not 16 years old, according to Art. 8 para. 1 sentence 2 GDPR.
Below we inform you about the collection of personal data when using our App.
4.1 Data processing by App Stores
4.2 Data processing by Goodsouls
To use the App, you will need to register by setting up a user account. Which personal data is needed to set up an account and transmitted to us is determined by the input fields used for the registration. The personal data entered are collected and stored exclusively for internal use by us, and for our own purposes. Registered persons can change the personal data entered during the registration at any time and can request to have them completely deleted from our database.
188.8.131.52 Sign in with Apple
Alternatively, we offer you the possibility to register using your Apple ID. If you register using Sign in with Apple, we receive the data required for registration or login directly from Apple (e.g. email address, name). You can choose to hide your email address. If you choose to hide your email address, a unique, random email address is created. This way your personal email address is not shared with us during the account setup. We only use your email address and name to set up a user account for you. We have no way of influencing the extent of the data collected by Apple when you register or log in via Apple.
More information about Hide My Email for Sign in with Apple: https://support.apple.com/en-gb/HT210425.
184.108.40.206. Google Sign-in
Alternatively, we offer you the possibility to register using your Google account. If you register using Google Sign-In, we receive the data required for registration or login directly from Google (e.g. email address, name). We only use your email address and name to set up a user account for you. We have no way of influencing the extent of the data collected by Google when you register or log in via Google.
More information about Google Sign-In terms of service: https://policies.google.com/terms.
4.3 Application improvement
We use Sentry ("Sentry"), a technical error analysis tool from Functional Software Inc, 132 Hawthorne St, San Francisco, California 94107, USA, to monitor system stability and track software errors. In the event of a software error occurring, we may automatically transmit the following data to Sentry:
- Device type
- Operating system
- IP address of the device used
- App version
- Time of error
This data is collected anonymously, not used in a personalised manner or for personal purposes, and is subsequently deleted. An evaluation for advertising purposes expressly does not take place.
The legal basis for the aforementioned processing is your consent given to us (Art. 6 para. 1 lit. a) GDPR). The processing that takes place in this way is in our legitimate interest, as the data serves the sole purpose of error identification and analysis.
We would like to point out that our technical error analysis tool is based in the USA, i.e. outside the EU. The GDPR does not require that data processing activities are limited to the EU, but regulates the transfer of personal data outside of the European Economic Area (EEA).
Functional Software, Inc (Sentry’s registered company name) is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection requirements: You can see their certification in the Privacy Shield list of the US Department of commerce by searching for "Functional Software Inc. (Sentry)" here: https://www.privacyshield.gov/participant_search.
You can find Sentry’s data protection declaration here: https://sentry.io/privacy.
5. Data processing for contact purposes and password reset
5.1 Contact form
It is possible to contact us via contact form. If you contact us via the contact form, the data you submit will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. Which personal data is transmitted to and stored by us is determined by the input mask used for the contact form.
- Email address
- Content of the message
It is possible to contact us via email. If you contact us via email, the data you submit including the contact details you provide there will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions.
- Email address
- Content of the message
- If applicable, the name of the user
When you contact us by clicking on "Feedback" or "Help" on the Settings screen in the App, the following data will automatically be included in the body of the email:
- App Version
- Operating system
5.4 Data recipients for data transmitted via the contact form and email as well as password reset
Our email service provider Mailgun Technologies ("Mailgun"), Inc., Legal Department, 112 E Pecan St #1135, San Antonio, TX 78205, USA. We use Mailgun to send and receive emails, including in the context of password reset. Mailgun has access to the aforementioned data, as well as other information including the user’s IP address.
You can find more information on the handling of user data in Mailguns’s GDPR Compliance and EU Data Protection at: https://www.mailgun.com/gdpr/.
The legal basis for the aforementioned processing is your consent given to us (Art. 6 para. 1 lit. a) GDPR) and a data processing agreement according to Art. 28 (3) sentence 1 GDPR.
We would like to point out that our email service provider is based in the USA, i.e. outside the EU. The GDPR does not require that data processing activities are limited to the EU, but regulates the transfer of personal data outside of the European Economic Area (EEA). Mailgun is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection requirements: You can see their certification in the Privacy Shield list of the US Department of commerce by searching for "Mailgun Technologies, Inc." here: https://www.privacyshield.gov/participant_search.
6. Comment function in the App
The Goodsouls App offers the possibility to leave comments on recipes and reply to comments added by other users. If you leave a comment in the App, the comment will be stored and published, along with the name you have chosen during account creation or later under "Settings" > "Account" > "Name". This collected personal data will not be passed to third parties unless such a transfer is required by law or serves the aim of the defense of the data controller.
7. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR. If you are a resident of the European Economic Area (EEA), you are entitled to various data subject rights which are regulated in the GDPR.
If you wish to be informed what personal data about you we collect, process, or store or if you want it to be removed from our systems, please contact us.
In addition to the right to withdraw your consent given to us at any time, you have the following rights regarding the data that you have transmitted to us and that we have processed if the respective legal requirements are met:
The right to be informed
You have the right to request that we confirm whether we are processing or have processed personal data that concerns you.
The right of access
You have the right to request information about your personal data.
The right to rectification
You have the right to request the correction of the personal data we have stored about you if it is incorrect or incomplete.
The right to erasure (Right to be forgotten)
You have the right to request the deletion of the personal data we have stored about you.
The right to restriction of processing
You have the right to request the restriction of the further processing of your personal data.
The right to data portability
You have the right to receive a copy of the personal data we have stored about you and to transfer this data directly to a third party
The right to object
You have the right to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 para. 1 lit. e or f GDPR; the same applies to profiling based on these provisions.
Rights concerning automated decision making and profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has a legal effect against you or significantly impairs you in a similar manner.
The right to withdraw consent
You have the right to withdraw your consent to the processing of your data at any time with effect for the future. This will not affect the lawfulness of the processing of your data done beforehand.
8. Final Provisions
8.2 How to contact us
If you have any further questions, e.g. about the personal data that we have stored about you, please do not hesitate to contact us.
You can reach us via the following email address: email@example.com.