1         Responsible company

The responsible company for the processing of personal data is FourSense GmbH, Heerdestraße 23, 48149 Münster (subsequently “we”).

2         Purpose and legal basis for the processing of personal data

2.1        Principle

We process personal data that arise during the usage of the app or that you explicitly and voluntarily make available to us by using the app exclusively on the basis of the statutory regulations (The German Federal Data Protection Act [BDSG], The German Telemedia Act [TMG] and The General Data Protection Regulation [DSGVO]). This includes the processing of personal data that are

  • necessary for the provision of our contractual services or are legally prescribed, or
  • for which you have given us your explicit permission, or
  • on the basis of our legitimate interests (i.e. our interest in security, economic operation as well as the analysis and optimisation of the app to improve the user experience).

With regard to the processing of personal data on the basis of the The General Data Protection Regulation (DSGVO) coming into effect on the 25th May, 2018, we would like to point out the following legal bases for the processing of personal data:

  • Permission: Article 6 Section 1 (a) and Article 7 DSGVO
  • Fulfilment of our contractual services: Article 6 Section 1 (b) DSGVO
  • Fulfilment of our legal obligations: Article 6 Section 1 (c) DSGVO
  • Safeguarding of our legitimate interests: Article 6 Section 1 (f) DSGVO
2.2        Access data (legal basis: legitimate interests)

Each time our website is accessed from your browser, automatic access data are transmitted and are stored by us in log files on our servers. The access data include: your IP address, the referrer URL, the name of the provider via which the access took place, the name of the files accessed, the date, time and duration of the retrieval, the amount of data transmitted, information about the browser and operating system and the http status code.

We save your IP address in the log files for a maximum of 30 days and then delete it or anonymise it. As a result, we do not have any opportunity, neither directly nor with the help of supplementary knowledge, to carry out an allocation to your person. We do not carry out a merger of access data with other data sources.

We process access data on the basis of our legitimate interests corresponding to the statutory regulations, only in order to carry out statistical evaluations in an anonymised form for the purpose of operation and security and for the optimisation of the contents of our website and to provide law enforcement authorities with the information necessary for law enforcement in the event of a justified suspicion of unlawful use on the basis of concrete indications.

3       The storage of personal data

3.1        Duration of data protection

We store your personal data for as long as is necessary to perform the objectives that have been listed in this data protection declaration. If these objectives cease to apply, then all personal data shall be deleted, as long as longer storage has not been legally prescribed.

3.2        Location of data storage

We store your personal data exclusively on secure and protected servers in Germany.

4         Transfer of personal data to third parties

4.1        Principle

Unless otherwise indicated, we do not on principle transmit personal data to third parties and do not transmit to countries outside of the European Union (EU) or the European Economic Area (EEA).

4.2        Overview of technical service providers

We may use technical service providers by way of contract data processing for the provision of our services, e.g. for hosting. We may also use service providers for this purpose who are based outside of the EU and the EEA, where differing data protection regulations may apply.

Service providers in the USA basically provide an adequate level of data protection comparable to that of the European data protection law if they are subject to the EU-US Privacy Shield certification or the agreement of the so-called EU standard contractual clauses of the European Union with the receiver.

You can find an overview of the technical service providers that we use, and their data protection declarations in the appendix.

4.3        Transmission of personal data by law

The transmission of your personal data to order and law enforcement authorities or to other government institutions shall take place only within the framework of mandatory national legislation.

5         Cookies

Our website uses so-called cookies. A cookie is a small text file that is sent when you visit our website and is saved in your browser. If you call up our website again, then your browser will send back the contents of the cookie. We can evaluate this information in a number of different ways. Some cookies are deleted automatically when you end your browser session (so-called session cookies). Other cookies will be saved for a specified period, or saved permanently in your browser and will then independently delete themselves afterwards (so-called temporary or permanent cookies). You can deactivate the saving of cookies via your browser settings and delete cookies that have already been saved at any time in your browser. Please observe however that the website may not function, or may function only in a restricted manner without cookies.

We use cookies to make it easier for you to use our website. This means for example that you do not have to select your preferred language again every time you visit our website, as this will be adopted by our website from the cookie that is stored in your browser. We do not process any personal data in the process. Furthermore, we also can use cookies from third-party suppliers for data analysis (e.g. statistical analyses of visitor numbers or the websites that are accessed most frequently) in order to be able to continually improve our website and the visitor experience. Fundamentally, no personal data in cookies will be processed here.

6        Obligation to provide personal data

The provision of your personal data is not prescribed either legally or contractually. We will not be able to handle your request, however, if you do not provide us with your contact details.

7         Rights of the person affected

7.1        Rights of the person affected

You have the right to receive information free of charge at any time about the processing of your personal data and to correct or amend these data if necessary. If you have granted us permission to process your personal data for purposes that are listed in this data protection declaration, then you can revoke this permission with effect for the future at any time. Furthermore, you also have the right to appeal, the right of data portability, the right to limit the processing or, if there is no statutory archiving obligation, the right of the deletion of your personal data that have been processed by us.

If you have any questions about the rights of the person affected, or if you want to exercise these rights, then you can contact us at any time using the contact details provided in section 11.

7.2        Right of appeal to a supervisory authority

You have the right to lodge a complaint to a data protection authority. To do this, you can either contact the data protection authority that is responsible for your place of residence or your Federal State, or you can contact the data protection authority that is responsible for us.

8         Alterations

We reserve the right to make alterations to the Data Protection Declaration from time to time. We shall not use data that have been obtained once for other purposes subsequently without your permission, unless we are entitled to do this by law.

9         Contact

If you have any questions or comments about data protection at FourSense, then you can contact us at any time via e-mail, fax or letter:

FourSense GmbH
Heerdestr. 23
48149 Münster, Germany

Fax: +49 (0) 251 / 590 805 99

As of: 03/05/2018 (Version 1.00)

10         Annex – Overview of Technical Service Providers