We have had this document translated for you. You can find the legally binding document in German at this link: https://codecheck-app.com/de/datenschutzerklaerung/
1. Name and contact details of the person responsible (data controller) for processing and of the company data protection officer
This Privacy Policy applies to data processing within the framework of the web pages/websites of our company, including www.codecheck.info and the mobile app (hereinafter referred to as the "offer") by:
Data controller: Producto Check GmbH (hereinafter referred to as "Producto Check"), Chausseestrasse 84, 10115 Berlin, Germany
Email: service@codecheck.info
Phone: +49 (0) 30 - 91207110
Our data protection officer is available at: datenschutz@codecheck.info
2. Collection and storage of personal data as well as type and purpose of its use
2.1 Consent management
We take part in the IAB Europe Transparency & Consent Framework and comply with its specifications and guidelines. For this purpose, we use the Consent Management Platform (CMP) of Sourcepoint Technologie Inc., 228 Park Ave S #87903, New York 10003-1502, USA as a processor. Sourcepoint's CMP allows you to give us data protection-compliant consent to the processing of your data and to revoke it at any time. You can also object to data processing based on our legitimate interest.
Sourcepoint processes personal data in the USA. We have made appropriate safeguards with Sourcepoint in the form of standard contractual clauses of the European Union to ensure an adequate level of protection when your personal data is processed. A copy of the standard contractual clauses adopted by the EU Commission is available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de.
You can find an overview of your settings, the purposes and third parties involved in the Privacy Manager. Further information on data protection and the CMP can be found on the website of Sourcepoint: https://www.sourcepoint.com/privacy-notice.
2.2 Visiting the website/mobile apps
When accessing our websites, among others http://www.codecheck.info/ or our mobile apps, the browser/app used on your end device automatically sends information to our server. This information is stored temporarily, namely for a period of 30 days, in a so-called log file and then anonymised by truncation of the IP address.
The following information is collected and stored without your intervention:
- IP address of the requesting computer
- The date and time of access
- The name and URL of the accessed file
- The website from which access is made (referrer URL)
- Type and version of the browser/app as well as other information transmitted by the end device (such as the operating system of your device, the name of your access provider, language settings, etc.)
The data listed will be processed by us for the following purposes:
- To ensure a smooth connection to the website and app
- To ensure convenient use of our website or app
- To evaluate the system's security and stability
The legal basis for the processing of data is Art. 6 (1) clause 1 lit. f) GDPR. Our legitimate interest arises from the purposes listed above for data collection. Under no circumstances will we use the data collected for the purpose of drawing conclusions about you.
We use the services of the provider Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA on our offers, in particular to prevent DDoS attacks or other misuse and to improve the performance of our offers. Cloudflare acts as a processor and examines the connections to our pages and also processes the above information on our behalf. Cloudflare also processes this data in countries outside the European Union, in particular in the USA. To secure the transfers to these countries with Cloudflare, we have concluded standard contractual clauses from the European Commission in order to ensure an appropriate level of data protection during processing. You can retrieve a copy of the concluded clauses at https://www.cloudflare.com/de-de/cloudflare-customer-dpa/.
When you use our website and app, we collect certain information about how you use our offers (e.g. which pages and products you visit, what you click on, which functions you use, your approximate whereabouts if you allow tracking of your location via your device). We use this information to gain insights into the use of our offers, to conduct market research and to improve our products. We do not want to draw any conclusions about you as a person with this information and will not identify you. We therefore collect this information using a session identifier. This means that after you end your respective browser session, this information remains anonymous and can no longer be attributed to you. The legal basis for collecting this information and processing it for the period of your browser session is Art. 6 (1) clause 1 lit. f) GDPR. Our legitimate interest arises from the purposes listed above for data collection.
In addition, we use other analysis and marketing services when visiting our website, which may also store information on your device or retrieve information stored there. For further information, please refer to Section 4 of this Privacy Policy.
2.3 Registration as a user
Registration is necessary to be able to use all functions of the offer. When registering, your email address and a password you set are collected and stored as inventory data.
To confirm your registration and for your own protection against improper registration by third parties, we will send you a confirmation message through your specified email address. You can then view and, if necessary, change your personal data in the password-protected user area of the offer.
We process this data in order to provide you with the user account and the functions contained therein. The legal basis is Art. 6 (1) lit. b) GDPR. We store your data until you cancel your account. Then, your data will be deleted immediately.
2.4 Using the functions of the website and the app
2.4.1 Use of the functions and personalisation of your use
Our offers offer you certain functions, such as leaving comments on products or giving feedback. We process the information provided by you in order to provide the function. Insofar as you leave comments, these will only be published anonymously. It will not be clear to other users who created the comment.
If you are a registered user, we will personalize our offer for you. This happens based on your usage data, which we record when you visit our website (see Section 2.2 above). In contrast to use as a non-registered user, the data collected is not made anonymous after the session has ended, but is assigned to your user profile in this case. For example, we may provide you with activity reports in your usage profile. In addition, we personalize our offer based on information that you actively provide us with. You can also make certain settings in your profile, for example whether you eat vegetarian or gluten-free. In addition, you can specify whether you wish to avoid certain ingredients (e.g., silicone or microplastics), health effects (e.g., hormonal effects, allergenic substances) or nutritional values (e.g., high salt content). When you scan a product, you will receive from us the additional information that is particularly relevant to you. In addition, the website or app stores the products you scan locally in a history where you can track your activities.
The legal basis for the provision of these functions is Art. 6 (1) lit. b) GDPR. We store your data until you cancel your account. The data is then deleted or anonymised if there are comments or feedback.
2.4.2 Analysis of your usage
If you are an unregistered user, we will only analyse your use as described above under 2.2. If you are a registered user, we use the information given as well as the information we use to provide you as a registered user with the personalized offer in order to gain insights into the use of our offers, to conduct market research and to improve our products. This information can be assigned to you as a person via the user account, but as with the analysis of the usage data of non-registered users, it is not our intention to draw conclusions about you as a person, but to obtain information about the use of our offers.
The legal basis for the collection of this information and its processing is Art. 6 (1) clause 1 lit. f) GDPR. Our legitimate interest follows from the above-mentioned purposes. We process your data until you cancel your account. The data will subsequently be deleted.
2.5 CodeCheck PLUS
You can make a paid in-app purchase of CodeCheck PLUS in our app. We use Purchasely, 59 promenade du Verger, 92130 Issy-les-Moulineaux to provide CodeCheck PLUS. In doing so, we process the data you provided during registration in order to provide you with the subscription. In this context, we also process your device identifier together with some other technical information, such as the device model and name, the operating system used, the language, the app version and the country selected in the app store. In addition, we process an identifier that we exchange with the app store operator. We also receive information from the app store operator as to whether you have paid. We also process information about your chosen subscription such as the duration, start, end and renewal of the subscription, the status, the payment status, the cancellation date if applicable, your invoices and transactions, and your order history. We process this data in order to manage your subscription and your payment and to initiate, conclude and fulfil the contract concluded with you (Art. 6 para. 1 lit. b) GDPR). The data is processed for the duration of the subscription for the aforementioned purpose and thereafter retained for as long as you have a user account with us. Please note that your app store provider may carry out further processing. You will find more detailed information on this in the privacy policy of your app store provider.
2.6 Registering for our newsletter
2.6.1 Registration and dispatch with consent
You can subscribe to Producto Check's email newsletter through the corresponding functions on Producto Check's website. Your subscription to the newsletter will be secured by means of an additional confirmation message to your email address, which will contain a link for final registration (so-called "double opt-in"). This rules out illegal registration by third parties, insofar as we can act on it.
The subscription includes the consent to receive the regular newsletter, which may contain up-to-date information on the offer of Producto Check and references to special product offers as well as advertisements for other services and benefits of Producto Check. After registration, your email address will be used by Producto Check for its own advertising purposes. You can unsubscribe from our newsletter at any time by using the unsubscribe link at the end of each newsletter or by just sending an email to service@codecheck.info. This does not affect the legality of data processing carried out prior to the time of unsubscribing.
The processing required for the aforementioned purposes is based on Art. 6 (1) lit. a) GDPR. Your data will be stored for this purpose until you revoke your consent.
2.6.2 The service provider Mailchimp
For our newsletter service, we use the services of Mailchimp, a newsletter distribution platform of the US company Rocket Science Group // 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Mailchimp processes personal data in the USA, among other places. We have made appropriate safeguards with Mailchimp in the form of standard contractual clauses of the European Union to ensure an adequate level of protection when your personal data is processed. A copy of the standard contractual clauses adopted by the EU Commission is available at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de
You can view Mailchimp's privacy policy here: https://mailchimp.com/legal/privacy/
You can unsubscribe at any time, for example, via a link at the end of each newsletter. Alternatively, you are welcome to send your request to unsubscribe at any time to service@codecheck.info by email.
2.6.3 Analysing your use of the newsletter
We would like to point out that we evaluate your user behaviour when sending newsletters. We record which newsletters are opened and which links are clicked in these emails. With this information, we want to adapt the future dispatch of newsletters, as well as your experience on our website, even more precisely to your needs. The legal basis for this is Art. 6 (1) lit. f) GDPR. In doing so, we are interested in adapting the newsletters that you have requested from us according to your needs. The links in newsletters contain so-called UTM parameters for analysis purposes. These UTM parameters allow us to add trackable extensions to your URLs. The parameters are:
- Medium: this parameter describes the medium in which the link is embedded. Examples: email, social media or website
- Source: with this UTM parameter, we define the source of the link. These can be newsletters, websites, apps or social media channels
- Campaign: this type of UTM parameter identifies the actual campaigns. For example, if we send you a newsletter every month, the individual newsletters can be evaluated separately.
The UTM data is collected exclusively in pseudonymised form.
2.7 Using our contact form
If you have any queries, you can contact us using the contact form provided on the website. In doing so, the following information is required:
- Query
- First name and surname
- Address
- A valid email address
We need your data to determine who sent the request and to be able to answer it. In addition, you are free to enter your phone number.
Data processing is carried out at your request and, in the context of the contact request, on the basis of our legitimate interests in accordance with Art. 6 (1) clause 1 lit. f) GDPR.
The personal data collected by us for the use of the contact form will be deleted after your request has been processed.
3 Special information on recipients and transfers to third countries
Insofar as we process your data ourselves, this is only carried out internally by authorised employees.
We work externally with various service providers and processors, as has already been specifically mentioned in some parts of this Privacy Policy. This applies above all to processing operations that we cannot or cannot reasonably carry out ourselves. These are, for example, IT and telecommunications service providers, service providers for sending email messages and marketing companies.
Further explanation of consent to third-country transfers: Some non-EU countries (e.g., the United Kingdom) have been classified by the European Commission as safe third countries under data protection law. However, your consent to data processing also refers to any transfer required for the purposes described to third countries outside the EU where there is no adequate level of data protection. In case of doubt, the third countries concerned, in particular the USA, do not have a level of data protection comparable to European law. This can lead, for example, to more difficult enforcement of your data subject rights or to less control over further use of your data. The data may also be accessed by public authorities without you being entitled to effective remedies.
4 Storage of information on and retrieval of information from your end device, in particular for analysis and advertising purposes
Our offer stores certain information and accesses certain information stored on your end device (e.g., in the form of cookies). This is carried out primarily if it is necessary for the use of our offer and its functions (Section 25 (2) No. 2 TTDSG).
In addition, we store information or access stored information on your end device in order to pursue other purposes, in particular, to analyse your use of our offers or to market our offers. In these cases, however, we will ask for your express consent beforehand.
4.1 On the website and apps
On our website and in the apps, we use consent management technologies to manage your consent (see 2.1 above). There you have different consent options for using certain technologies or providers for different purposes. These are the advertising purposes of the Transparency & Consent Framework (TCF), which we are briefly showing you below.
4.1.1 Legal bases and revocation or objection
The majority of processing for the purposes described below is based on your consent pursuant to Art. 6 (1) lit. a) GDPR. You can use this to revoke your consent with effect for the future at any time.
In addition, we base certain processing operations on a legitimate interest, which can then be viewed in the described processing purpose (Art. 6 (1) lit. f) GDPR). In this case, you can declare your objection with effect for the future at any time.
You can change your settings on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.2 Recording and transmission of your consent preferences
Irrespective of the purposes described below, your consent will in any case be transmitted to the providers selected by us and visible in the consent management in the form of the so-called TC string, a string that reflects the preferences you have set in the consent management. This is necessary and is in our legitimate interest so that your settings are respected by all participants of the TCF. The processing operations are therefore based on Art. 6 (1) lit. f) GDPR.
4.1.3 Select simple ads
For the purpose "Select simple ads", we or the relevant third-party providers process information about the context in which an ad is displayed as well as the device used and corresponding device data, such as device type and functions, browser ID, URL, IP address and your approximate location data so as to make the ads displayed to you as accurate as possible and interesting. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.4 Create a personalised ad profile
For the purpose "Create a personalised ad profile", our website uses services that create a profile about your activities. In particular, this profile may contain information about your interests, the websites you visited, demographic information or your location. This is also done in order to be able to display advertisements as accurately as possible. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.5 Select personalised ads
For the purpose "Select personalised ads", we use services that use the ad profile just described in order to then display ads tailored to you. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.6 Create a personalised content profile
For the purpose "Create a personalised content profile", we will create a profile about your use of our website with information about your activities, interests, the websites you visited, demographic information or location. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.7 Select personalised content
For the purpose "Select personalised content", we will use the content profile just described in order to then display content tailored to you. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.8 Measure ad performance
For the purpose "Measure ad performance", we use services that check the performance of ads. The services check, for example, which ads have been shown to you how often and how you interact with them as a user. The services can also generate reports about ads that contain this information. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.9 Measure content performance
For the purpose "Measure content performance", we use services that check the content of ads. The services check, for example, which content has been shown to you how often and how you interact with it as a user. The services can also generate reports on the performance of content that contains this information. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.10 Market research (insights on target groups)
For the purpose of market research, we use services that generate reports for advertisers or other companies about aggregated information on target groups, as well as groups reached through content and ads. In doing so, the reports do not allow a conclusion to be drawn about an identified or identifiable person. However, in order to create these reports, information about your usage behaviour is processed. In addition, for market research purposes, offline data is assigned to an online user in order to gain insight into target groups, insofar as providers have stated that they will compare and merge offline data sources. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.1.11 Product development and improvement
For the purpose of product development and improvement, information about your usage behaviour will be collected and processed. The service providers and suppliers used for this can be found on the website by clicking on the link "Privacy settings" at the bottom of the page and in the app by selecting the menu item "Privacy settings".
4.2 The app
We currently use the following technologies in the app, ones which are absolutely necessary to present our offer to you. The following technologies are used:
4.2.1 Firebase
For our app, we use the service Firebase of the provider Google Ireland Ltd ("Google"). We use Firebase to monitor the speed, functionality and performance of our app (performance monitoring) and to create error logs. In the process, information is also stored on your end device or information stored on it is accessed. When transmitting the data, your IP address is processed to establish the connection. In addition, error reports include Crashlytics installation UUIDs, crash traces and breakpad minidump formatted data. In doing so, we rely on gaining knowledge about the app's performance and bugs, as without the insights derived from this, we would not be able to offer the app in a functional way to all of our users.
We also process the data collected in this way after use for the purposes just mentioned in order to analyse your use of the app and to create usage profiles based on this. The analysis helps us to improve our offers and products.
The processing of personal data is carried out in our legitimate interest in gathering this knowledge and ensuring the functionality of our apps (Art. 6 (1) clause 1 lit. f) GDPR). Insofar as we are permitted to process your advertising ID with your consent (Art. 6 para. 1 lit. a) GDPR), this is also taken into account in the analysis. The recorded usage data is processed for analysis purposes for one year and then deleted.
Insofar as you have separately agreed to receive push messages via your operating system settings or have consented to receive promotional emails (Art. 6 para. 1 lit. a) GDPR), we will send you promotional information about our offers based on your use of the app.
Google or its subcontractors may also process personal data in the USA. We have therefore concluded suitable guarantees with Google in the form of standard contractual clauses of the European Union to ensure an adequate level of protection in the processing of your personal data. You can obtain a copy of the standard contractual clauses adopted by the EU Commission at: Standard contractual clauses for the transfer of personal data to third countries.
In addition, Google LLC and all Google US subsidiaries are certified under the EU-US Data Privacy Framework (Digital Privacy Framework), so that an adequate level of protection exists for transfers to these companies even without standard contractual clauses.
You can prevent the processing of personal data either by deactivating the corresponding function in the app or, in the case of Android devices, in the control panel.
4.2.2 Purchasely
We use Purchasely, 59 promenade du Verger, 92130 Issy-les-Moulineaux to provide CodeCheck PLUS. In this context, we also carry out statistical analyses and target group measurements in order to gain insights into the use of our app and to optimise the ordering process. In doing so, we use the actions you take in the app, which are recorded by us. The legal basis for this is our legitimate interest in pursuing the purposes described (Art. 6 para. 1 lit. f) GDPR). We process your data for this purpose for a period of 3 years and then delete it.
Finally, we process personal data in order to be able to provide you with specific offers in our app for specific target groups. The legal basis for this is our legitimate interest in pursuing the purposes described (Art. 6 para. 1 lit. f) GDPR). We process your data for this purpose for a period of 3 years and then delete it.
5 Social login
In order to facilitate your registration on our website and in the mobile apps, at the beginning of your registration, you have the option of logging in with the so-called single sign-on solution (e.g., via Apple, Facebook or Google).
The data protection provisions and terms of use of the providers apply to registration and use. In any case, your account details are entered directly in the provider's server. Your account details are not disclosed to us. The respective providers inform you which data of your provider account will be made available to us.
If you have allowed the respective provider to use the data, your personal data will be transmitted to us via the provider as part of registration. We will then process your data in accordance with our information in Section 2.3 above.
6 Social media profile
We have profiles on social networks. Our social media accounts complement our website and offer you the opportunity to interact with us. As soon as you access our social media profiles on the social networks, the terms and conditions and data processing guidelines of the respective operators apply. The data collected about you when using the services are processed by the networks and, if necessary, also transferred to countries outside the European Union where there is no adequate level of protection for the processing of personal data.
In principle, we have no influence on data processing in the social networks, since we are users of the network just as you are.
You can find information about this and which data is processed by social networks and for what purposes the data is used in the privacy policy of the respective network listed below. We use the following social networks:
6.1 Facebook
Our pages are: https://www.facebook.com/codecheck.info.de
The operator of the network is: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The network's privacy policy: http://www.facebook.com/about/privacy/
6.2 Instagram
Our pages are: https://www.instagram.com/codecheck_app/
The operator of the network is: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Privacy policy: https://help.instagram.com/519522125107875
6.3 Shared responsibility
We process personal data as the data controller when you send us enquiries via the social media profiles. We process this data in order to answer your enquiries, which also represents our legitimate interest (Art. 6 (1) lit. f) GDPR).
In addition, as joint data controllers we are jointly responsible with the following networks and for the following processing operations (Art. 26 GDPR).
As part of visiting our profiles on the Facebook and Instagram networks, the respective network collects aggregated statistics ("insights data") that are generated from certain events that are logged by their servers when you interact with our profiles and the related content. We receive these aggregated and anonymous statistics from the networks about the use of our respective profiles. In principle, we are not able to assign the data to specific users. To a certain extent, we can define the criteria according to which the respective network compiles these statistics for us. We use these statistics to make our profiles more interesting and informative for you. This also justifies our legitimate interest (Art. 6 (1) lit. f) GDPR) in the data collection that the respective social network carries out in order to provide us with statistics.
Further information on this data processing can be found in the respective joint controller agreement at:
- Facebook/Instagram; Information about Facebook insights
Incidentally, the respective network is solely responsible for the processing of your data.
7 Rights of the data subject
The General Data Protection Regulation guarantees you certain rights that you can assert against us - insofar as the legal requirements are met.
- Art. 15 GDPR – right of the data subject to information: You have the right to request confirmation from us as to whether personal data concerning you are being processed and, if so, what these are and the more detailed circumstances of the data processing.
- Art. 16 GDPR – right to correction: You have the right to request that we correct any incorrect personal data concerning you immediately. Taking into account the purpose of the data processing, you also have the right to demand the completion of your incomplete personal data – also by means of a supplementary declaration.
- Art. 17 GDPR – right to deletion: You have the right to request that we delete your personal data immediately.
- Art. 18 GDPR – right to restriction of processing: You have the right to ask us to restrict processing.
- Art. 20 GDPR – Right to data portability: In the case of processing based on consent or for the performance of a contract, you have the right to receive the personal data that you have provided to us in a structured, common, and machine-readable format, and to transmit this data to another responsible person without hindrance from us or to have the data transmitted directly to the other responsible person, insofar as this is technically feasible.
- Art. 77 GDPR in conjunction with Section 19 BDSG – Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the member state of your residence, your place of work or the place of the alleged violation, if you believe that the processing of the personal data concerning you violates applicable law.
In particular, the right to object and the right to withdraw consent
- Art. 21 GDPR – Right of objection: You have the right, for reasons that arise from your particular situation, to file an objection at any time against the processing of personal data concerning you, which is necessary due to a legitimate interest on our part or to safeguard a task in the public interest, or in the exercise of official authority.
If you object, we will no longer process your personal data, unless we can prove compelling reasons for the processing which take precedence over your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
If we process your personal data for direct advertising purposes and we do not have your consent, you have the right to object to the processing at any time. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
In order to exercise your right of objection, you can, for example, send us an email via one of the aforementioned email addresses.
- Revocation of consent: Where you have previously provided your consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out until your revocation shall remain lawful.
For this purpose, you can, in particular, unsubscribe from the newsletter by simply clicking on the link contained in each email and/or sending us a message through one of our email addresses. If you tell us in this message that you do not want to receive any emails in the future, we will no longer send messages to the email address you provided.
8 Requirement to provide personal data
You have no contractual or legal obligation to provide us with personal data. However, without the data you have provided, we will not be able to offer you our services.
9 Existence of automated decision-making (including profiling)
We do not subject you to automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR that produces legal effects concerning you or which affects you.
Berlin, July 2023