Privacy Notice for the Rock am Ring / Rock im Park App
1. Data protection, controller and data protection officer
Below, we inform you about the processing of personal data when using our mobile iPhone and Android app Rock am Ring / Rock im Park (hereinafter referred to as the “App”).
Personal data means any information relating to you personally or that can be linked to you, for example your name, email address, device identifiers, location data, usage data or technical information about your device.
This Privacy Notice explains in particular:
which personal data we process in connection with your use of the App;
for which purposes this data is processed;
on which legal basis the processing takes place;
to which recipients data may be transferred;
whether data is transferred to third countries;
how long the respective data is stored and when it is deleted or anonymised;
which rights you have under the General Data Protection Regulation (“GDPR”).
Where we process personal data, this is carried out in particular on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, for the performance of contractual or pre-contractual measures pursuant to Art. 6(1)(b) GDPR, due to legal obligations pursuant to Art. 6(1)© GDPR, or on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR. Where processing is based on legitimate interests, we carry out a balancing test against your interests, fundamental rights and freedoms.
Please note that data transmission over the internet may involve security risks. Complete protection of data against access by third parties is technically not fully possible. However, we implement appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access and unauthorised disclosure.
2. Name and contact details of the controller and the data protection officer
This Privacy Notice applies to data processing by:
eventimpresents GmbH & Co. KG
c/o CTS EVENTIM AG & Co. KGaA
Contrescarpe 75a
28195 Bremen
Germany
Email: info@eventimpresents.com
You can contact our data protection officer at:
datenschutz@eventimpresents.com
3. General information on App use
The App is used for information, orientation and communication relating to the Rock am Ring and Rock im Park festivals. In particular, it may provide information about the programme, site maps, safety-related notices, push notifications, location-based functions and further links to third-party services.
Some App functions cannot be used, or can only be used to a limited extent, without access to certain data or device functions. This applies in particular to push notifications, map and location functions, as well as certain analytics and error diagnostics functions.
Where processing is based on your consent, you may withdraw this consent at any time with effect for the future. The lawfulness of processing carried out up to the time of withdrawal remains unaffected.
4. Download and installation of the App
You can download our App from the Apple App Store or the Google Play Store to your mobile device.
When downloading the App to your mobile device, the information required for this purpose is transmitted to the respective app store. This may include in particular:
username;
email address;
customer number of your store account;
time of download;
payment information, where relevant;
individual device identifiers.
We have no influence over this data collection by the respective app store. The respective store provider is responsible for this. We process this data only to the extent necessary for downloading and installing the App on your mobile device. We do not store this data beyond that.
The legal basis for processing by us is Art. 6(1)(b) GDPR, insofar as the processing is necessary for providing the App, and Art. 6(1)(f) GDPR based on our legitimate interest in providing and ensuring the technical availability of the App.
Please also note the privacy notices of the respective store providers:
Apple App Store: https://www.apple.com/de/privacy/
Google Play Store: https://policies.google.com/privacy
5. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, this App uses SSL or TLS encryption. This is intended to prevent data that you transmit via the App from being read or modified by unauthorised third parties.
6. External hosting of the App
In addition to the local storage of certain data on your mobile device, it is necessary for the operation of the App to process certain technical data on the servers of our IT service provider in order to ensure the functionality, security and availability of the App.
For hosting, we use, among others, the infrastructure of:
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855 Luxembourg
The servers are generally located within the EU or the EEA, specifically in Frankfurt am Main. However, it cannot be completely ruled out that personal data may, in exceptional cases, be transferred to affiliated AWS companies in the USA.
AWS is certified under the EU-U.S. Data Privacy Framework. Where personal data is transferred to the USA and the specific processing is covered by the certification, the transfer may be based on the EU-U.S. Data Privacy Framework. Where necessary, appropriate safeguards pursuant to Art. 44 et seq. GDPR are additionally used, in particular the European Commission’s Standard Contractual Clauses.
Further information can be found here:
AWS GDPR Data Processing Addendum: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/
AWS Privacy Notice: https://aws.amazon.com/de/privacy/
EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/
The use of AWS is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and reliable provision of the App.
The retention period for data processed in connection with hosting is governed by Section 14 of this Privacy Notice.
7. App access permissions
To provide certain App functions, the App requires access to individual functions of your mobile device. Access is granted only to the extent necessary for the respective function and, where legally required, after you have granted the corresponding permission.
7.1 Location data
The App may access location data from your device if you actively allow this. Location access may be required in particular to provide you with location-based functions, for example:
displaying your location on the site map;
orientation on the festival grounds;
information about stages, food spots, awareness points or other places near you;
location-based notifications, where this function is activated.
Depending on the function, the legal basis for processing location data is your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG, the performance of contractual or pre-contractual measures pursuant to Art. 6(1)(b) GDPR, or our legitimate interest pursuant to Art. 6(1)(f) GDPR in the user-friendly provision of map, orientation and safety functions.
You can disable location permissions at any time via the system settings of your device or, where provided, via the App settings.
The retention period for location data is governed by Section 14 of this Privacy Notice.
8. Use of cookies, tokens and similar technologies
8.1 General information
Our App uses cookies, tokens and similar technologies. These may include, in particular, technical identifiers, digital certificates, session IDs, app instance IDs, Firebase installation IDs or other information that is stored on or read from your device.
These technologies may serve different purposes:
technical provision of the App;
maintaining a session;
storing App settings;
storing and documenting consents;
sending push notifications;
error diagnostics and App stability;
analysing App use, provided that you have consented to this.
Where the use of these technologies is technically necessary, processing is carried out on the basis of Section 25(2) No. 2 TDDDG and Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and functional provision of the App.
Where the use of these technologies is not technically necessary, in particular for analytics or marketing purposes, processing is carried out only on the basis of your consent pursuant to Section 25(1) TDDDG and Art. 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future.
The retention period for the respective technologies is governed by Section 14 of this Privacy Notice.
8.2 Consent management with ConsentManager
Our App uses ConsentManager’s consent technology to obtain, manage and document your consent to storing certain information on your device or to the use of certain technologies.
Provider:
Jaohawi AB
Håltegelvägen 1b
72348 Västerås
Sweden
Website: https://www.consentmanager.de
When you use our App, a connection is established to ConsentManager’s servers in order to obtain and document your consents and other declarations regarding the use of certain technologies. ConsentManager then stores a technical identifier in order to assign granted consents, rejections or withdrawals.
In particular, the following data may be processed:
consent status;
time of consent or rejection;
time of withdrawal;
technical information about the device;
anonymised or pseudonymised user identifier;
App version or consent banner version used.
ConsentManager is used in order to obtain and be able to prove legally required consents. The legal basis is Art. 6(1)© GDPR. Where the storage of or access to information on your device is technically necessary, this is additionally carried out on the basis of Section 25(2) No. 2 TDDDG.
We have concluded a data processing agreement with ConsentManager pursuant to Art. 28 GDPR.
The retention period for consent data is governed by Section 14 of this Privacy Notice.
8.3 Ticket shop
The ticket shop is provided and controlled under data protection law by our ticketing partner CTS EVENTIM AG & Co. KGaA. You can access the ticket shop via a link within the App.
Please note that the ticket shop is no longer within our area of responsibility. The CTS EVENTIM Privacy Notice applies to the data processing carried out there:
https://www.eventim.de/help/data-protection/
9. Error analysis and App stability with Google Firebase Crashlytics
This App uses Google Firebase Crashlytics for error analysis, crash reporting and ensuring stable App operation.
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Google Ireland Limited is the responsible entity for users in the EU, EEA and Switzerland. In addition, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may be involved in the processing.
Firebase Crashlytics allows crashes and technical errors of the App to be detected, evaluated, prioritised and resolved.
In particular, the following data may be processed:
App version;
device type and device model;
operating system and operating system version;
date and time of use or crash;
information about App crashes;
crash stack traces;
extracted minidump data;
Firebase installation ID;
Crashlytics installation UUID;
IP address;
technical diagnostic and log data.
Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring stable, secure and functional App operation, error analysis and the prevention of future crashes or disruptions.
Where data is transferred to the USA, this is carried out on the basis of the EU-U.S. Data Privacy Framework, insofar as the specific processing is covered by the certification, and additionally on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular the European Commission’s Standard Contractual Clauses.
Further information can be found here:
Firebase privacy: https://firebase.google.com/support/privacy
Firebase Data Processing Terms: https://firebase.google.com/terms/data-processing-terms
Firebase Terms: https://firebase.google.com/terms/
Firebase subprocessors: https://firebase.google.com/terms/subprocessors
Google Data Privacy Framework certification: https://www.dataprivacyframework.gov/participant/5780
The retention period for Crashlytics data is governed by Section 14 of this Privacy Notice.
10. Push notifications with Google Firebase Cloud Messaging
If you activate the push function, we use Google Firebase Cloud Messaging to send push notifications to Apple and Android devices.
Push notifications may in particular relate to the following content:
safety-related events;
warnings;
organisational notices;
information relating to the festival;
programme changes;
general festival information.
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
In addition, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may be involved in the processing.
For sending push notifications, the following data in particular is processed:
Firebase Cloud Messaging token;
Firebase installation ID;
technical device information;
IP address;
information on whether push notifications are activated;
technical delivery information.
Processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
You can withdraw your consent at any time with effect for the future by disabling push notifications in the settings of your device or, where provided, in the App settings.
Where data is transferred to the USA, this is carried out on the basis of the EU-U.S. Data Privacy Framework, insofar as the specific processing is covered by the certification, and additionally on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular the European Commission’s Standard Contractual Clauses.
Further information can be found here:
Firebase privacy: https://firebase.google.com/support/privacy
Firebase Data Processing Terms: https://firebase.google.com/terms/data-processing-terms
Firebase Terms: https://firebase.google.com/terms/
The retention period for push data is governed by Section 14 of this Privacy Notice.
11. Analysis of App use with Google Firebase Analytics
We use Google Analytics 4 for Firebase to statistically evaluate use of the App and to improve the App. Analytics is carried out only if you have previously consented.
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Google Analytics 4 for Firebase enables us to analyse the use of the App and to create reports on App activities. This allows us to better understand which App functions are used frequently or rarely and how we can improve the App technically and in terms of content.
In particular, the following data may be processed:
App opens;
interactions within the App;
clicks on content or functions;
clicks on external links;
dwell time;
operating system used;
device model;
language setting;
app instance ID;
Firebase installation ID;
event data;
aggregated usage statistics.
Google Analytics uses technologies that may enable recognition of the user or the device for the purpose of analysing user behaviour, for example tokens, app instance IDs or comparable identifiers.
According to Google, IP anonymisation is enabled by default in Google Analytics 4. According to Google, the IP address transmitted in the context of Google Analytics is not combined with other Google data.
Use of this service is based exclusively on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent is voluntary and may be withdrawn at any time with effect for the future.
Where data is transferred to the USA, this is carried out on the basis of the EU-U.S. Data Privacy Framework, insofar as the specific processing is covered by the certification, and additionally on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular the European Commission’s Standard Contractual Clauses.
Further information can be found here:
Google Analytics Terms: https://privacy.google.com/businesses/controllerterms/mccs/
Firebase privacy: https://firebase.google.com/support/privacy
Firebase Data Processing Terms: https://firebase.google.com/terms/data-processing-terms
Google Data Privacy Framework certification: https://www.dataprivacyframework.gov/participant/5780
The retention period for analytics data is governed by Section 14 of this Privacy Notice.
12. Online marketing with EDGE
For marketing measures on our website, in the App and on social networks, we engage EDGE for support.
Provider:
EDGE Entertainment Digital GmbH
a subsidiary of CTS EVENTIM AG & Co. KGaA
EDGE supports us in particular in planning, managing and evaluating marketing campaigns on high-reach platforms such as Facebook, Instagram, Google, YouTube and TikTok.
Processing is carried out on the basis of Art. 6(1)(f) GDPR, insofar as it is necessary for planning and managing marketing measures and no overriding interests or fundamental rights of the data subjects oppose this. Our legitimate interest lies in effectively promoting our events and offers.
Where personal data is transferred or used for advertising purposes that require consent, processing takes place only on the basis of your consent pursuant to Art. 6(1)(a) GDPR and, insofar as information is stored on or read from your device, additionally on the basis of Section 25(1) TDDDG.
If you purchase products on our platforms or interact with our offers, personal data may be transferred to EDGE for marketing purposes, provided that there is a legal basis for this. Where we jointly determine the purposes and means of processing with EDGE, joint controllership pursuant to Art. 26 GDPR exists.
The retention period for data processed in connection with online marketing is governed by Section 14 of this Privacy Notice.
13. Location data and Mapbox map service
Users can use the location function of their smartphone for selected functions. This allows us, for example, to show you current information about stages, food spots, awareness points or other places near you. You can disable location determination at any time via the system settings of your device.
13.1 Mapbox
To help you orient yourself better at our events, we have integrated Mapbox.
Provider:
Mapbox Inc.
740 15th Street NW, 5th Floor
Washington, District of Columbia 20005
USA
With the help of Mapbox, we can provide map material and orientation functions in the App.
For the use of Mapbox functions, the following data in particular may be processed:
IP address;
location data or geodata, provided that you have activated the location function;
session ID;
map usage data;
device and browser information;
date and time of access;
map section and zoom level;
billing and usage data.
This data may be processed on servers of Mapbox or of service providers used by Mapbox. Processing in the USA is possible.
The legal basis for processing is Art. 6(1)(f) GDPR, insofar as processing is necessary to provide the map and orientation function. Our legitimate interest lies in user-friendly orientation on the festival grounds, visitor guidance and improving the safety and information of festival visitors.
Where location processing requires consent, processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
Mapbox is certified under the EU-U.S. Data Privacy Framework. Where personal data is transferred to the USA and the specific processing is covered by the certification, the transfer may be based on the EU-U.S. Data Privacy Framework. Where necessary, appropriate safeguards pursuant to Art. 44 et seq. GDPR are additionally used.
Further information can be found here:
Mapbox Privacy Notice: https://www.mapbox.com/legal/privacy
EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/
The retention period for Mapbox and location data is governed by Section 14 of this Privacy Notice.
14. Retention period and deletion of personal data
We store personal data only for as long as this is necessary for the purposes stated in this Privacy Notice or where statutory retention, evidence or documentation obligations require longer storage.
After expiry of the respective retention period, personal data is deleted or anonymised. Where data is stored locally on your device, you may also remove it, depending on the function, by changing the App settings, resetting the App, deleting individual App data or uninstalling the App.
The following storage and deletion periods apply in particular to the App:
14.1 App download and installation
Data processed when downloading and installing the App via the Apple App Store or Google Play Store is generally processed by the respective store provider. We do not store this data beyond the period required for download and installation.
14.2 General usage data and server log files
General usage data, in particular IP address, date and time of access, device specification, operating system, browser information, and name and URL of the accessed file, is stored only temporarily.
Server log files, in particular access, error and security logs, are generally stored for 60 days and then deleted or anonymised.
Longer storage takes place only where this is necessary in an individual case for investigating specific security incidents, preventing misuse, ensuring technical stability or asserting, exercising or defending legal claims.
14.3 Hosting and technical operational data
Technical operational data processed via hosting and infrastructure services for the provision, security and functionality of the App is stored only for as long as necessary for the secure and stable operation of the App.
Where this data forms part of server log files, the retention period under Section 14.2 applies. Where data is stored in backups, it is overwritten or deleted as part of the regular backup routines, unless longer storage is required for security reasons or legal defence.
14.4 ConsentManager data
Data for managing and documenting your consents, in particular consent status, time of consent, rejection or withdrawal, and technical evidence data, is stored for as long as this is necessary to prove the consent or rejection.
Storage generally takes place for the duration of App use and beyond that for up to three years from the end of the year in which the consent was granted, rejected or withdrawn, insofar as this is necessary to fulfil statutory evidence obligations or to defend against legal claims.
You can also remove locally stored consent data by deleting the App data, resetting the App or uninstalling the App. Statutory evidence and documentation obligations remain unaffected.
14.5 Firebase Cloud Messaging token and push data
Firebase Cloud Messaging tokens and Firebase installation IDs used for sending push notifications are generally stored server-side for up to 270 days after inactivity.
On the App side, these identifiers remain until the App is deleted or reset, until the App is uninstalled, or until the identifier is technically renewed.
If you disable push notifications or withdraw your consent, no further push notifications will be sent to your device from that point onwards, insofar as they are based on your consent. Technical identifiers already stored are deleted or deactivated in accordance with the aforementioned deletion periods and technical routines.
14.6 Firebase Crashlytics
Data for error analysis and App stability, in particular crash stack traces, extracted minidump data, Crashlytics installation UUID, Firebase installation ID and technical diagnostic data, is generally stored for 90 days.
After expiry of this period, the process of removal from live and backup systems begins. Longer storage takes place only where this is necessary in an individual case for investigating specific security incidents, resolving serious technical errors, preventing misuse or asserting, exercising or defending legal claims.
14.7 Google Analytics 4 for Firebase
Data for analysing user behaviour using Google Analytics 4 for Firebase is processed only if you have consented.
The analytics data processed for this purpose, including app instance ID and associated event data, is automatically deleted after 14 months.
If you withdraw your consent, no further analytics data will be processed on the basis of this consent from that point onwards. The lawfulness of processing carried out up to the time of withdrawal remains unaffected.
14.8 Mapbox data and location data in connection with the map function
Mapbox billing and session IDs as well as IP addresses are generally deleted after 30 days.
Where location data is linked to a Mapbox session ID, this link is generally removed after 24 hours.
Precise location data is not permanently stored for the creation of movement profiles in connection with the map and orientation function.
If you disable location permissions via your device, no new location data will be collected for this function from that point onwards.
14.9 Location-based App functions
Where the App processes location-based information in order to show you notices about places near you, this data is processed only for as long as necessary for the respective function.
Permanent location tracking does not take place. Location data is not used to create movement profiles unless this has been expressly described and permitted by you.
14.10 Online marketing with EDGE
Personal data processed in connection with online marketing and campaign management is stored only for as long as necessary for the respective campaign, evaluation or documentation.
Where processing is based on your consent, no further data will be processed on the basis of this consent after withdrawal. Data already processed is deleted or anonymised as soon as it is no longer required for the respective marketing purposes and no statutory retention or evidence obligations prevent deletion.
Where data is required for asserting, exercising or defending legal claims, it may be stored for up to three years from the end of the year in which the respective matter was completed.
14.11 Support requests and correspondence
Support requests and other correspondence, in particular email address, name, contact details and content of the request, are generally stored for up to three years after final processing, insofar as this is necessary for documentation, processing follow-up questions or asserting, exercising or defending legal claims.
Where statutory retention obligations exist in an individual case, longer storage may take place.
14.12 Local data on your device
Data stored locally on your device generally remains there until you delete it yourself, reset the App data or uninstall the App.
This may include, in particular, local App settings, consent information, technical identifiers, push settings or other local App data.
15. Disclosure of personal data
We disclose personal data to third parties only where there is a legal basis for doing so. This is the case in particular where:
you have expressly consented pursuant to Art. 6(1)(a) GDPR;
disclosure is necessary for the performance of a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR;
there is a legal obligation pursuant to Art. 6(1)© GDPR;
disclosure is necessary to safeguard our legitimate interests pursuant to Art. 6(1)(f) GDPR and your interests, fundamental rights and freedoms do not override them;
we use service providers as processors pursuant to Art. 28 GDPR.
Recipients of personal data may include in particular:
hosting and infrastructure service providers;
App development and operation service providers;
consent management service providers;
analytics and error diagnostics service providers;
push notification services;
map service providers;
marketing service providers;
lawyers, auditors, courts, authorities or experts, where legally required.
16. Data transfers to third countries, in particular the USA
We use service providers that are partly based outside the EU or the EEA, or where processing of personal data outside the EU or the EEA cannot be ruled out. This applies in particular to service providers with a connection to the USA.
Personal data is transferred to third countries only if the requirements of Art. 44 et seq. GDPR are met. This may take place in particular on the basis of:
an adequacy decision by the European Commission;
the EU-U.S. Data Privacy Framework, insofar as the respective recipient is certified and the specific processing is covered by the certification;
the European Commission’s Standard Contractual Clauses;
additional technical and organisational protective measures, where required.
The European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework. According to this decision, personal data may be transferred to certified U.S. companies, provided that the respective processing is covered by the certification.
Where a transfer is not fully covered by an adequacy decision or DPF certification, we use appropriate safeguards pursuant to Art. 46 GDPR, in particular the European Commission’s Standard Contractual Clauses. In addition, personal data is transferred in encrypted or pseudonymised form where technically possible and appropriate.
17. Data subject rights
Subject to the statutory requirements, you have the following rights:
pursuant to Art. 15 GDPR, the right to obtain information about the personal data processed by us;
pursuant to Art. 16 GDPR, the right to rectification of inaccurate personal data or completion of incomplete personal data;
pursuant to Art. 17 GDPR, the right to erasure of personal data, unless statutory or legitimate reasons for further storage prevent deletion;
pursuant to Art. 18 GDPR, the right to restriction of processing;
pursuant to Art. 20 GDPR, the right to data portability;
pursuant to Art. 7(3) GDPR, the right to withdraw consent previously granted at any time with effect for the future;
pursuant to Art. 21 GDPR, the right to object to certain processing operations;
pursuant to Art. 77 GDPR, the right to lodge a complaint with a data protection supervisory authority.
To exercise your rights, it is sufficient to send an email to:
datenschutz@eventimpresents.com
18. Right to object
Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data where there are grounds relating to your particular situation.
If your objection is directed against direct marketing, you have a general right to object. In this case, the processing of your personal data for direct marketing purposes will be stopped without you having to provide grounds relating to a particular situation.
If you wish to exercise your right to object, it is sufficient to send an email to:
datenschutz@eventimpresents.com
19. Withdrawal of consents
Where processing is based on your consent, you may withdraw this consent at any time with effect for the future.
Depending on the function, you can withdraw your consent in particular by:
changing your selection in the consent banner or in the App’s privacy settings;
disabling push notifications in the settings of your device;
disabling location permissions in the settings of your device;
contacting us by email at datenschutz@eventimpresents.com.
The lawfulness of processing carried out up to the time of withdrawal remains unaffected.
20. Data security
We use SSL or TLS encryption within the App. This protects data transmitted between the App and our systems in accordance with the state of the art.
We also implement appropriate technical and organisational security measures to protect personal data against accidental or intentional manipulation, loss, destruction, unauthorised access or unauthorised disclosure. Our security measures are continuously adapted and improved in line with technological developments.
21. No sale of personal data
We do not sell personal data. Personal data is transferred to third parties only in accordance with this Privacy Notice and only where there is a legal basis for doing so.
22. Currency and amendment of this Privacy Notice
This Privacy Notice is currently valid and is dated June 2026.
Due to the further development of the App, changes to the services used or changed legal, technical or regulatory requirements, it may become necessary to amend this Privacy Notice. The current version of this Privacy Notice applies.
Last updated: June 2026