Privacy Policy for the “KOSMOS Helper App”
In addition to the data protection declaration of KOSMOS Verlag (https://www.kosmos.de/content/kosmos-datenschutz), the following data protection provisions apply specifically to the use of our app.
Contents
- Preface and selected terms
2. Responsible body and data protection officer
3. Overview
4. External Hosting
5. Automatic data processing when using our app (log files)
6. Use of Unity Analytics
7. Access authorizations in the end device
8. Your rights under the General Data Protection Regulation
1. Preface and selected terms
This data protection declaration informs our app users about the processing of personal data that is collected and processed when using the app.
•GDPRstands for the European General Data Protection Regulation.
•BDSGis the abbreviation for the Federal Data Protection Act in its current version.
•Personal dataare all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 Para. 1 GDPR). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.
• Theprocessing of personal dataincludes all operations, for example the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
• Thedata subjectwithin the meaning of data protection law is any natural person who processes personal data.
• Further definitions of terms can be found in the General Data Protection Regulation, which you will find mainly in Art. 4 of the GDPR (Definitions).
2. Responsible Party and data protection officer
Responsible Party for the processing of personal data
Franckh-Kosmos Verlags-GmbH & Co.KG
Pfizerstraße 5 - 7
D-70184 Stuttgart
Telefon: +49 711/2191-0
E-Mail:info@kosmos.de
External Data Protection Officer
DSB Externer Datenschutzbeauftragter Stuttgart
Fabian Henkel
Diplom-Betriebswirt (FH)
Zertifizierter Datenschutzbeauftragter
Telefon: +49(0)176 32744172
E-Mail:info@externer-datenschutzbeauftragter-stuttgart.de
Web:https://www.externer-datenschutzbeauftragter-stuttgart.de
3.Overview
The following content gives you a brief overview of the processing of personal data; you can find more information in the passages presented in detail.
Data that you submit to us
In this app, on the one hand, we process the data that you enter yourself, for example in a form (if available at the time). In this case, the purpose of the processing results from the type of your message and from this data protection declaration. Even if you send us a message by e-mail, for example, or otherwise contact us, we will process your data in accordance with the purpose for which you were contacted.
Automatic server log files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves to defend against attacks, analyze access numbers and ensure smooth operation.
Analysis tools
We use auxiliary tools that support us in analyzing usage of our app for the purpose of optimization, gaining knowledge about the intensity und quantity of use and help to improve the apps usability.
Use of data processors under the usage of data processing agreements
We use data processors to make the provision and operation of the app smooth and efficient, details can be found in this data protection declaration.
Transfer of personal data to a third country (non EU)
We use the Unity Analytics analysis tool from Unity (Unity Technologies, 30 3rd Street, San Francisco, CA 94103, USA). We have concluded a data processing agreement with Unity using EU standard contractual clauses. This tool helps us to collect pseudonymized data on app usage. You can find more information in this data protection declaration.
In addition, we try to have all service providers and services provided by providers within the European Union as far as possible. A transfer to a third country is possible if you have given us your consent and / or we have concluded a contract for the processing of personal data including suitable guarantees for ensuring a sufficient level of data protection.
General information on deletion periods for personal data
We process the data according to the principle of necessity and purpose limitation. You can find more information on deletion periods in the individual details of this data protection declaration.
Obligation to provide personal data
Our app can be operated without providing personal data. Except for any metadata, including the user's IP address, information about the operating system, time, and date of the access. These data are essential for the operation of the app. For more information, see this data protection declaration.
Links to third party offers
Websites and services from other providers to which our application links have been and are designed and provided by third parties. We have no influence on the design, content, and function of these third-party services. We expressly distance ourselves from all content of all linked third-party offers. Please note that the third-party offers linked from our application may install cookies on your device or collect personal data. We have no influence on this. If necessary, please inform yourself directly from the providers of these linked third-party offers.
4. External Hosting
We have commissioned a service provider to host our app and provide additional content; for this purpose we have concluded a data processing agreement in accordance with Art. 28 GDPR. Or hosting provider is DATAGROUP SE, Wilhelm-Schickard-Straße 7, D-72124 Pliezhausen.
5. Automatic data processing when using our app (log files)
The server log records metadata about each session, this includes the users IP-Address. You can find details below.
When using the app, especially when downloading additional content, the data described below is automatically collected.
• Date and time and duration of use
• Type of mobile device / device version
• the operating system used
• Country (generated from the IP address) and language
• Downloaded packages and functions used
• IP-Address
We are interested in a smooth providing of our App and ensuring its technical functionality over the long term. We do not use this data for the purpose of drawing conclusions about your person or your identity. The described data categories are processed based on Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in providing the service, ensuring technical operation and for the purpose of identifying and eliminating malfunctions. Further lies our legitimate interest in ensuring the performance and availability of our offer.
We delete or anonymize the collected log files after six months.
6. Use of Unity Analytics
For the continuous further development of our app, we analyze data about app usage, for this purpose we use Unity Analytics. The provider is Unity Technologies, 30 3rd Street, San Francisco, CA 94103, USA. We have concluded a contract with Unity for the processing of personal data using EU standard contractual clauses.
From the data collected with Unity Analytics, we create anonymous statistics and reports with the aim of making our app offering more interesting and user-friendly for users and optimizing functions.
The following data is collected by Unity Analytics:
• date and time and duration of use
• device ID and device name
• the operating system and version used
• app version used
• country (generated from the IP address) and language
• downloaded packages and functions used
• system crashes and comparable events
• unity User ID (a unique ID assigned by Unity)
• IP-Address (we do not have access to recorded IP-Addresses)
[u]In addition to the purposes already mentioned, our goals are the following:[/u]
• measurement of active users per day and month
• measurement of the growth in users
• measuring the loss of users
• measurement of active end devices
• analysis of the operating systems used
• analysis of selected languages and countries
• measure the number of downloaded packages
• measurement of the number of deleted packets
• analysis of used features
• measuring the use of tutorials (finished tutorials)
• measurement of service life
• measure the number of players
We use Unity Analytics asserting our legitimate interests within the meaning of Art. 6 Para. 1 lit. f GDPR, of course you have the option to object. [b]To use your right of objection, please click on the opt-out button. You will find this button at the end of this data protection declaration.[/b]
We delete the collected raw data after 90 days. We only store completely anonymous statistical data in the long term that do not allow any personal reference.
- Access authorizations in the end device
To provide our services via the app, we need the access rights listed below, which enable us to access certain functions of your device. Your express consent (opt-in) is required to access this data. You can give this when the app asks you to do so. This data is therefore processed based your consent (Art. 6 Para. 1 lit. a GDPR).
Access to the memory
The content you selected in the app is saved on your device, so the app needs access to your media storage.
Revocation of access rights
You can revoke granted access rights at any time in the settings of your device. Depending on the operating system, you can find the rights management in the settings under Apps or Authorizations. You can find more detailed information on this in the operating instructions for your terminal device or the operating system.
Your rights under the General Data Protection Regulation
Every natural person has certain rights, these are defined in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights that you can claim from us.
Right to revoke a given consent according to Art. 7 Para. 3 GDPR
You can revoke your consent to us at any time without giving reasons with effect for the future.
Right to information according to Art. 15 GDPR (restrictions according to § 34 BDSG possible)
You have the right to request information about the data processed by you and the purposes of processing at any time.
Right to correction according to Art. 16 GDPR
If you discover that we are processing incorrect or incomplete personal data, you have the right to have it corrected.
Right to deletion according to Art. 17 GDPR (restrictions according to § 35 BDSG possible)
You have the right at any time to request the deletion of your personal data that we are processing about you. If complete deletion is not possible, for example because we must meet statutory retention requirements or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.
Right to restriction of processing according to Art. 18 GDPR
You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
• If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
• If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
• If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, your interests and ours must be weighed up. If it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, these data - apart from their storage - may only be allowed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.
Right to data portability according to Art. 20 GDPR
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done if it is technically feasible.
Right to object to certain processing operations and direct mail in accordance with Art. 21 GDPR
If the data processing is based on Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons that arise from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Paragraph 1 GDPR).
If your personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 Paragraph 2 GDPR).
Right of appeal to a supervisory authority according to Art. 77 GDPR
In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right of appeal exists without prejudice to other administrative or judicial remedies.