The pro­tec­tion of your per­son­al data when using our app is impor­tant to us. Here you can find out what data is col­lect­ed and used in the process.

1. Contact details of the person responsible

The respon­si­ble par­ty with­in the mean­ing of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPA) and oth­er nation­al data pro­tec­tion reg­u­la­tions is:

Smart­Stamp AG
Rothausstrasse 1,
8280 Kreuzlingen,
Switzerland

CHE-261.766.983

Com­mer­cial Reg­is­ter Thurgau
CH-440.3.033.830 – 6

Autho­rized to represent:
Friedrich Kisters, Juli Bail­er Phone
+41787222458
privacy@​smartstamp.​com

2. Overview

The fol­low­ing is an overview of the legal basis of the Euro­pean Reg­u­la­tion (EU) ²⁰¹⁶⁄₆₇₉, the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (here­inafter “GDPR”), on the basis of which we process per­son­al data. In addi­tion to the data pro­tec­tion reg­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, nation­al reg­u­la­tions on data pro­tec­tion apply in Switzer­land. These include, in par­tic­u­lar, the Fed­er­al Data Pro­tec­tion Act (DSG). The DSG applies in par­tic­u­lar if no EU/EEC cit­i­zens are affect­ed and, for exam­ple, only data of Swiss cit­i­zens is processed.

Below you will find an overview of the legal basis of the Euro­pean Reg­u­la­tion (EU) ²⁰¹⁶⁄₆₇₉, the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (here­inafter referred to only as “GDPR”), on the basis of which we process per­son­al data. In addi­tion to the data pro­tec­tion reg­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, nation­al data pro­tec­tion reg­u­la­tions apply in Switzer­land. These include, in par­tic­u­lar, the Fed­er­al Data Pro­tec­tion Act (FADP). The DSG applies in par­tic­u­lar if no EU/EEC cit­i­zens are affect­ed and, for exam­ple, only data of Swiss cit­i­zens is processed.

With the fol­low­ing data pro­tec­tion dec­la­ra­tion, we inform you in par­tic­u­lar about the type, scope, pur­pose, dura­tion and legal basis of the pro­cess­ing of per­son­al data, inso­far as we decide either alone or joint­ly with oth­ers on the pur­pos­es and means of pro­cess­ing. In addi­tion, we inform you below about the third­par­ty com­po­nents we use for opti­miza­tion pur­pos­es and to increase the qual­i­ty of use, inso­far as third par­ties process data under their own responsibility.

3. Collection of personal data when using the app

Per­son­al data of users is col­lect­ed and used only to the extent nec­es­sary to pro­vide a func­tion­al app and our con­tent and services.

Every use of our app and every retrieval of a file stored in the app are logged.
Logged are: Name of the retrieved file, date and time of retrieval, amount of data trans­ferred, noti­fi­ca­tion of suc­cess­ful retrieval, app iden­ti­fi­er and request­ing domain. In addi­tion, the IP address­es of the request­ing devices are logged. The reg­is­tra­tion of access­es is done for rea­sons of data secu­ri­ty and to ensure the sta­bil­i­ty and oper­a­tional secu­ri­ty of our sys­tem and to pro­tect against pos­si­ble attacks from the out­side. In addi­tion, the data is sta­tis­ti­cal­ly eval­u­at­ed for the opti­miza­tion of the offer. Based on the logged data, it is not pos­si­ble to trace which con­tent you have accessed or which files you have retrieved.

The tem­po­rary col­lec­tion of the data is nec­es­sary to enable deliv­ery of the con­tent to the end devices and to ensure their play­back. A com­bi­na­tion of this data with oth­er data sources does not take place.
The data is delet­ed as soon as it is no longer required to achieve the pur­pose for which it was collected.
The col­lec­tion of data for the pro­vi­sion of the app and its stor­age is absolute­ly nec­es­sary for the oper­a­tion of the offer, so that there is no pos­si­bil­i­ty of objec­tion on the part of the users.

4. Contacting us

Users have the option of con­tact­ing us via an online con­tact form or via email. The per­son­al data pro­vid­ed to us for this pur­pose (e.g. name, address, tele­phone num­ber or email address) are used exclu­sive­ly for pro­cess­ing the con­tact requests of the users. The data will not be passed on to third par­ties or published.

The data is delet­ed as soon as it is no longer required to achieve the pur­pose for which it was col­lect­ed. This is the case when the pro­cess­ing of the respec­tive request has been com­plet­ed, i.e. when it is clear from the cir­cum­stances that the mat­ter in ques­tion has been con­clu­sive­ly clarified.

You may at any time revoke your con­sent to the pro­cess­ing of your per­son­al data and object to the stor­age of the per­son­al data that you have trans­mit­ted to us. In this case, the con­ver­sa­tion can­not be con­tin­ued. For this pur­pose, users can con­tact the con­tact address­es pro­vid­ed by us. All per­son­al data stored in the course of con­tact­ing us will then be deleted.

We would like to point out that the con­fi­den­tial­i­ty of emails or oth­er elec­tron­ic forms of com­mu­ni­ca­tion on the Inter­net can­not be guar­an­teed. For con­fi­den­tial infor­ma­tion we rec­om­mend the postal service.

5. Third party services

5.1. Google

We use var­i­ous ser­vices pro­vid­ed by Google. Depend­ing on the state in which users are locat­ed, the data con­troller is:

Google Ire­land Lim­it­ed Gor­don House, Bar­row Street Dublin 4^th Ire­land for users of Google ser­vices who are habit­u­al­ly res­i­dent in the Euro­pean Eco­nom­ic Area or Switzer­land, or

Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043 USA for users of Google ser­vices who have their habit­u­al res­i­dence in oth­er countries.

Google pro­vides fur­ther infor­ma­tion at https://​poli​cies​.google​.com/​p​r​i​v​acy
as well as
https://​fire​base​.google​.com/​s​u​p​p​o​r​t​/​p​r​i​v​acy

We use the fol­low­ing services: 

• Cloud Func­tions for Firebase
• Fire­base Authentication
• Fire­base Crashlytics
• Fire­base Remote Config
• Google Ana­lyt­ics for Firebase
• Cloud Stor­age for Firebase
• Cloud Fire­store (Google Cloud Plat­form Product)

Fire­base is a data­base that can be used to embed real­time infor­ma­tion into your own online offer­ing. In this process, user data is trans­mit­ted anony­mous­ly to Fire­base. This ser­vice records your user behav­ior with­in our apps.

Fire­base Crash­lyt­ics is a sim­ple real­time crash reporter that allows you to track, pri­or­i­tize and fix sta­bil­i­ty issues that affect the qual­i­ty of your app. Crash­lyt­ics saves you time in trou­bleshoot­ing by intel­li­gent­ly group­ing crash­es and high­light­ing the cir­cum­stances that led to them.

Fire­base Authen­ti­ca­tion is used to sim­pli­fy the login and authen­ti­ca­tion process. To do this, Fire­base Authen­ti­ca­tion can use third­par­ty iden­ti­ty ser­vices and store the infor­ma­tion on its plat­form. Per­son­al data col­lect­ed: Email, user­name, password.

Google Ana­lyt­ics may share data with oth­er tools pro­vid­ed by Fire­base, such as Crash Report­ing, Authen­ti­ca­tion, Remote Con­fig or Noti­fi­ca­tions. This appli­ca­tion uses mobile device iden­ti­fiers and cook­ielike tech­nolo­gies to run the Google Ana­lyt­ics for Fire­base service.

Cloud Stor­age for Fire­base is a stor­age ser­vice we use to store files you upload using the app, such as photos.

Cloud Fire­store is a ser­vice we use to store infor­ma­tion you upload through the App, such as object descriptions.

A more detailed descrip­tion of the ser­vices is avail­able at
https://​fire​base​.google​.com/

Users can opt out of cer­tain Fire­base fea­tures through the appro­pri­ate mobile device set­tings, such as mobile adver­tis­ing settings:

For Android: Set­tings > Google > Ads > Reset Ad ID.
For iOS: Set­tings > Pri­va­cy > Adver­tis­ing > No ad tracking.

Per­son­al data collected:

• Unique device iden­ti­fi­er for adver­tis­ing (Google adver­tis­ing ID or IDFA);
• Usage data.

We use servers locat­ed with­in the EU when­ev­er pos­si­ble. How­ev­er, it can­not be ruled out that data may also be trans­ferred to the USA. Through cer­ti­fi­ca­tion under the EU-US Pri­va­cy Shield (“EU-US Pri­va­cy Shield”), Google guar­an­tees that EU data pro­tec­tion require­ments are also met when pro­cess­ing data in the USA.

https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​-​p​a​n​t​?​i​d​=​a​2​z​t​0​0​0​0​0​0​0​0​1​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive
In addi­tion, we have con­clud­ed an order pro­cess­ing agree­ment with Google (Art. 28 GDPR). https://​fire​base​.google​.com/​t​e​r​m​s​/​d​a​t​a​-​p​r​o​c​e​s​s​i​n​g​-​t​e​rms
The secu­ri­ty of the data trans­fer is ensured as the con­tract con­tains stan­dard con­trac­tu­al claus­es in accor­dance with Art. 46 (2) lit. c GDPR, which have been adopt­ed by the EU Commission.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legit­i­mate inter­est lies in the opti­miza­tion and eco­nom­ic oper­a­tion of our services.

5.2. Postmark

For com­mu­ni­ca­tion with the cus­tomer (such as mail­ing) we use the prod­uct Post­mark of the ser­vice provider Wild­bit LLC, 225 Chest­nut St., Philadel­phia, PA, 19106 USA.
Data is stored for 45 days by Post­mark and then deleted.

More infor­ma­tion:
https://​post​markapp​.com/​e​u​-​p​r​i​v​a​c​y​#​s​e​c​u​r​i​t​y​-​a​n​d​-​p​r​i​v​acy
This is based on an order pro­cess­ing con­tract (Art. 28 GDPR). With­in this frame­work, we pass on name, email address, gen­der, login data and con­tract data to Wild­bit LLC.
The secu­ri­ty of the data trans­fer is ensured as the con­tract con­tains stan­dard con­trac­tu­al claus­es accord­ing to Art. 46 (2) lit. c GDPR, which have been adopt­ed by the EU Commission.
The legal basis is Art. 6 (1) lit. b GDPR, as the use is nec­es­sary for the per­for­mance of the con­tract with our customers.

6. Duration

Your per­son­al data will be stored by us until the con­trac­tu­al rela­tion­ship is final­ly ter­mi­nat­ed, no fur­ther mutu­al claims can arise from it and the statu­to­ry reten­tion peri­ods have also expired.

Per­son­al data that we process in the per­for­mance of our duties in the pub­lic inter­est or on the basis of jus­ti­fied cor­po­rate inter­ests will be stored until the pur­pose has been ful­filled or the task has been com­plet­ed and doc­u­men­ta­tion is no longer required, in par­tic­u­lar for any evi­den­tiary pur­pos­es for the pro­tec­tion of rights or legal prosecution.

7. Rights of the users

With regard to the data pro­cess­ing described in more detail below, users have the right to

• Con­fir­ma­tion of whether data con­cern­ing them is being processed, infor­ma­tion about the processed data, fur­ther infor­ma­tion about the data pro­cess­ing and copies of the data (cf. also Art. 15 GDPR);
• cor­rec­tion or com­ple­tion of incor­rect or incom­plete data (cf. also Art. 16 GDPR);
• imme­di­ate era­sure of the data con­cern­ing you (cf. also Art. 17 GDPR), or, alter­na­tive­ly, inso­far as fur­ther pro­cess­ing is nec­es­sary pur­suant to Art. 17 (3) GDPR, restric­tion of pro­cess­ing pur­suant to Art. 18 GDPR;
• to receive the data con­cern­ing them and pro­vid­ed by them and to trans­fer this data to oth­er providers/​controllers (cf. also Art. 20 GDPR);
• to file a com­plaint with the super­vi­so­ry author­i­ty if they are of the opin­ion that the data con­cern­ing them is being processed by the provider in breach of data pro­tec­tion reg­u­la­tions (cf. also Art. 77 GDPR).

In addi­tion, the Provider is oblig­ed to inform all recip­i­ents to whom data has been dis­closed by the Provider about any cor­rec­tion or dele­tion of data or restric­tion of pro­cess­ing that takes place on the basis of Arti­cles 16, 17 (1), 18 GDPR. How­ev­er, this oblig­a­tion does not exist inso­far as this noti­fi­ca­tion is impos­si­ble or involves a dis­pro­por­tion­ate effort. Notwith­stand­ing the above, the user has a right to infor­ma­tion about these recipients.

Like­wise, accord­ing to Art. 21 GDPR, users have the right to object to the future pro­cess­ing of data con­cern­ing them, inso­far as the data is processed by the provider in accor­dance with Art. 6 para. 1 lit. f) GDPR. In par­tic­u­lar, an objec­tion to data pro­cess­ing for the pur­pose of direct adver­tis­ing is permitted.