luca App Privacy Policy

The controller responsible for the processing of personal data collected directly by us is:

culture4life GmbH
Mörikestraße 67
70199 Stuttgart
Germany
info@culture4life.de

You can reach our data protection officer at our Berlin location as follows:

culture4life GmbH
Data Protection Officer
Rotherstr. 20
10245 Berlin
Germany
privacy@culture4life.de

In order to use the functions of your luca app, a one-time activation is necessary. The activation is not tied to your smartphone and can be transferred using an account.  

You have the option of creating an account in the luca app. To do this, you verify your email address using a link. Once you have done this, you will be logged into your luca app.  

‍

1. data categories

We process the following account data which is necessary to register in the app:  

• name
• First name
• E-mail address
• user ID
• preferred name
• phone number

When you use the app, temporary usage data  is continuously collected: data that may be generated when using the luca app, i.e. IP address, IP location, type and version of the device used, information on the mobile network used, time zone settings, operating system and platform. We also use the open source software Matomo to measure reach. The following analysis data is also collected. You can also object to reach measurement by Matomo directly in the app in the Account / Settings area.  

• Anonymized IP addresses
• Pseudo-anonymized location (based on the anonymized IP address)
• Pseudonymized visitor ID
• Date and time, time zone settings and local time
• Called functions and elements of the app
• Files and links that were clicked and downloaded
• External links that serve to open the app
• loading time of the app
• App settings (e.g. language setting, screen resolution)
• Converted goals

If you have signed up for the newsletter in the app, you can find information about this processing here .

‍

2. Purposes and legal basis of processing

We will only process your personal data for the purposes specified in accordance with the legal bases listed. The following describes the processing in relation to the respective purpose and the respective legal bases for the processing of your personal data :

Clause Processing and Purpose Legal Basis Controller (1) If you would like to use luca, a user ID will be created for you.  

Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app applicable between you and us

culture4life GmbH (we)

(2) When you register, we collect and store your account data in order to ensure that you can use the services of our app. Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app applicable between you and us

culture4life GmbH (we) (3) When using the account function, your account data will be transferred to another device for re-registration after verification using your specified email address. Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app applicable between you and us

culture4life GmbH (we) (4) When registering and using the luca app, temporary usage data is collected and stored. The purpose is to ensure the security of the luca system and thus to guarantee the provision of services to you. Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app applicable between you and us

culture4life GmbH (we) (5) You can subscribe to the newsletter and activate app notifications to receive information about new functions, promotions, offers and more from luca. Your email address will be processed to send the newsletter and evaluate it. Art. 6 (1) 1 a) GDPR: Your consent by registering for the newsletter and marketing campaigns. Revocation possible within the mailing and in the app settings. culture4life GmbH (we) (6) We use the open source software Matomo to measure reach. It is configured so that no cookies are stored on the device.  

We collect analysis data in order to analyze the behavior of our visitors in order to optimize our offering.  

Art. 6 (1) 1 f) GDPR

You can also object to reach measurement by Matomo directly in the app.

The balancing of legitimate interests was documented.

culture4life GmbH (we)

‍

3. Recipients of personal data

In order to achieve the purposes described above in this privacy policy, we will pass on your personal data to the following recipients, with the proviso that this data may not be used in any way other than to provide services to us (as so-called data processors within the meaning of Art. 28 GDPR):

Services provided by providers Providers Data processed Software maintenance and software operation services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Account data, temporary usage data

(The processing is limited to a possible inspection of the listed data in the context of the implementation of the software maintenance and software operation services)

IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Account data, temporary usage data.

Server location: Germany, Hungary (Open Telekom Cloud)

Newsletter distribution HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA Email address Push notifications Google Firebase Cloud Messaging

Google, Inc. Mountain View, USA

Firebase Cloud Messaging Firebase Installation ID Hosting by Matomo Analytics SaaS Web Internet Solutions GmbH  

Steinstraße 25, 76133 Karlsruhe

analysis data

Further information on Matomo’s processing can be found at: https://matomo.org/gdpr-analytics/

Analysis using Google Analytics Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland Analysis data

Further information on data processing by Google Analytics can be found at: https://policies.google.com/privacy?hl=en

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with these recipients so that they can only process your data for specific purposes and on our instructions.

‍

4. Duration of storage of personal data

Your personal data will be automatically deleted after the deadlines described below:  

Account details:

• Within the luca app you will find a so-called delete button. You can use this to delete your data.  
• By simply uninstalling the app, the data stored locally on your device will be deleted even without using the delete button.  

Temporary usage data:

• Temporary usage data is processed in log files. We store these for a maximum of 7 days and then automatically delete them. No further storage takes place.

Analysis data:

• Your data is anonymized immediately upon collection. The measures mentioned above mean that we cannot draw any conclusions about the identity of individual visitors. This data is stored for a maximum of 14 months and then automatically deleted.

‍

With the location search you can find operators in the desired search area in Germany or near your location where you can use luca.  

1. Data categories

At luca Discovery you have the possibility to search for operators who are located in your area.  

We process your location data . Using this function requires that you enable location services in your smartphone settings.

In addition, technical display data is collected that is necessary to be able to display a map with all the locations in your area. Google Maps is used for the display, but no personal data is transferred as we alone process this and transmit it without any personal reference.

2. Purposes and legal bases of processing

The use of luca Discovery is voluntary, so that the processing of your location data only takes place after you have given your consent and is therefore based on Art. 6 (1) 1) a) GDPR. You can revoke your consent for the future at any time within your smartphone settings.

3. Recipients of personal data

To determine your location, we pass on your personal data to the following subcontractors:

Services provided by providers Providers Data processed Software maintenance and software operation services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Location data, technical presentation data IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Location data, technical display data

Server location: Germany, Hungary (Open Telekom Cloud)

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with these recipients so that they can only process your data for specific purposes and on our instructions.

4. Duration of storage of personal data

Your last location search will be displayed in your app. This is only saved locally on your smartphone. It is not stored further in our systems.  

If a restaurant uses the reservation functionality, you can make a table reservation directly via your own luca app.  

To do this, you select the location within luca Discovery and enter a date and time slot. You then select the number of people. Personal data is collected in the process. Finally, you will receive a reservation confirmation.

1. Data categories

When you make a reservation, the operator will process your contact details . This includes your first and last name, as well as your telephone number and email address.

In addition, your payment information, i.e. bank and billing account details, credit card information, cardholder name, will be processed to process any reservation fee that may be due.

In addition, information about the reservation request is processed. This includes the date, time and number of people.

2. Purposes and legal bases of processing

The processing of contact details, payment information and information about the reservation request is carried out in order to ensure pre-contractual measures within the meaning of Art. 6 (1) 1 b) GDPR between you and the operator.

3. Recipients of personal data

The operator is responsible for collecting your data when making a reservation. We provide the operator with the technical service and are therefore the operator's contractor in accordance with Art. 28 GDPR.

In addition, the following subcontractors will receive your personal data:

Services provided by providers Providers Data processed Software maintenance and software operation services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Contact details, information about the reservation request IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

contact details, information about the reservation request

Server location: Germany, Hungary (Open Telekom Cloud)

Carrying out the possible payment of a reservation fee Rapyd Europe hf., Suðurlandsbraut 30, 108 Reykjavík, Iceland Payment information

Rapyd’s current privacy information can be found here .

Sending the reservation confirmation Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin, HubSpot, Inc.; 5 FirstStreet. Cambridge. MA 02141 USA Contact details, information about the reservation request

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with these recipients so that they can only process your data for specific purposes and on our instructions.

4. Duration of storage of personal data

The data required for the reservation will be saved and automatically deleted 12 weeks after the reservation expires.

If a restaurant uses the ordering function, you can place an order directly via your own luca app.  

You can plan and process orders in advance so that you reserve your food and drinks for a specific date and time. To do this, you select the food and drinks you want from the menu provided and then pay for them. You can also place and pay for orders on site.

In the process, personal data will be collected. You will then receive an order confirmation.  

1. Data categories

When you place an order, the operator may process your contact details . This includes your first and last name, your email address and your telephone number.

In addition, information about the order is processed. This includes: type and quantity of food and drinks, date and time of the order, total amount of the order and other order history.

In addition, depending on the ordering process, payment data may be processed as described in Section G of this Privacy Policy.  

2. Purposes and legal bases of processing

The processing of contact details , payment data and information about the order is carried out in order to ensure contractual measures within the meaning of Art. 6 (1) 1 b) GDPR between you and the operator.

3. Recipients of personal data

The operator is responsible for collecting your data when you place an order. We provide the operator with the technical service and are therefore the operator's contractor in accordance with Art. 28 GDPR.

In addition, the following subcontractors will receive your personal data:

Services provided by providers Providers Data processed Software maintenance and software operation services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Contact details, information about the order IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

contact details, information about the order

Server location: Germany, Hungary (Open Telekom Cloud)

Sending the order confirmation Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin; HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA Contact details, information about the order

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with these recipients so that they can only process your data for specific purposes and on our instructions.

4. Duration of storage of personal data

• Your email address , telephone number and your first and last name will be automatically deleted after 12 weeks to ensure possible chargebacks.
• The information about the order must be stored in connection with payment data for up to 10 years due to legal retention periods.

The luca app offers you the opportunity to pay digitally in various locations in cooperation with payment service providers, to give tips, to save your payment method for repeated payment transactions in luca and to display an overview of your past payments.

1. Data categories

If you would like to make a payment via the luca system and/or save your payment method, the following data will be processed and, if necessary, shared with the operator and the payment service provider used during the payment process:  

• User ID: User ID  
• Optional user data : email address
• Payment information: bank and billing account details, credit card information, cardholder name  
• Information about the transaction : transaction ID, time, date of the transaction, invoice amount, tip, name or ID of the location, invoice items

2. Process description

As soon as you decide to pay using luca Pay, the operator provides a QR code, which is placed on a table, for example, and contains the outstanding bill amount. After scanning the QR code, the information on the outstanding bill stored by the operator is displayed within the luca app. You can then decide to give a tip of the desired amount. By confirming the bill amount and the tip, you will be automatically redirected to the payment service provider. There you will see the payment amount and the recipient (i.e. the operator) again for checking. You can choose from several payment methods, including Mastercard, Visacard, ApplePay and GooglePay. After selecting, you can enter your payment method information. With a final confirmation, your payment is processed via the payment service. 

The payment service provider offers you the option of storing your payment method information permanently so that you do not have to enter it again when making further payments using luca Pay. luca receives a reference number from the payment service provider and saves it for you. The payment service provider can use this number to assign your data when you attempt to make a payment again.

luca provides a list (“payment history”) of your completed payments for your viewing. In the payment history you can view information about your transactions with the operators.  

3. Purposes and legal bases of processing

The following describes the processing operations as well as their purposes and legal bases, which serve the purpose of payment processing.  

Section Processing and Purpose Legal Basis Responsible Party (1) After scanning a luca QR code, the luca app shows you the details of the outstanding invoice with the operator. If you have vouchers, we will reduce the invoice amount. You can also give a tip.  

We will process and store your user ID and payment information.

Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app applicable between you and us

culture4life GmbH (we) (2) Once you have started and confirmed the payment process in your app, you will be redirected to the payment service provider. There you can enter your preferred payment method information . The payment service provider will carry out the payment. Art. 6 (1) 1 b) GDPR Terms of use of the payment provider

payment service providers

(3) The payment service provider offers you the option of saving your payment information so that you do not have to re-enter your data when making payments. Your payment information is collected. luca saves the reference number for you and can assign it to the process if you request payment again. The payment service provider assigns the saved payment information to the payment attempt. Art. 6 (1) 1 a) Consent of payment service provider (4) After payment has been made, you can view all information about the

transaction within the

own app.  

Art. 6 (1) 1 b) GDPR:

Based on the terms of use for the luca app applicable between you and us

culture4life GmbH (we)

(5) Optionally, you can have the payment receipt ( information about the transaction with the operator) sent to your email address ( optional user data ) after the payment has been processed. Art. 6 (1) 1 a) Consent culture4life GmbH (we)

4. Recipients of personal data

The following payment service providers may be used to process payments. These are the recipients of your data. They act on their own responsibility and process your data independently.

Services provided by providers Providers Data processed Execution of payments and related services Rapyd Europe hf., Suðurlandsbraut 30, 108 Reykjavík, Iceland Payment method information, information about the transaction with the operator

Rapyd’s current privacy information can be found   here .

execution of payments and related services

Adyen NV, Simon Carmiggeltstraat 6-50 1011 DJ Amsterdam
The Netherlands
Payment method information, information about the transaction with the operator

Adyen’s current privacy information can be found here .

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with the following recipients, so that they can only process your data for specific purposes and on our instructions:

Services provided by providers Providers Data processed Software maintenance and software operation services neXenio GmbH, Charlottenstr. 59, 10117 Berlin User ID, information about the transaction with the operator, optional user data IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

User ID, information about the transaction with the operator, optional user data

Server location: Germany, Hungary (Open Telekom Cloud)

Sending the payment receipt Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin; HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA Optional user data, information about the transaction with the operator

5. Duration of storage of personal data

Your personal data will be automatically deleted after the deadlines described below:

• Your user ID and your optional user data will be deleted when you use the delete button within your app or by revoking your consent.  
• Payment method information and information about the transaction with the operator are stored by the payment service provider for up to 10 years in accordance with banking supervisory regulations. Likewise, luca must also keep the payment data for billing with the operator for 10 years.

The luca loyalty program allows you to collect and redeem loyalty points (luca Points), which offer you advantages when using the luca app.  

These loyalty points are linked to your account (see section C).  

Among other things, it is possible to use the digital payment function (see Section G) to collect payment-related luca Points and to redeem them when making a payment.  

1. Data categories

• User ID: User ID
• Information about the transaction with the operator: transaction ID, time, date of the transaction, invoice amount, name or designation of the operator

2. Purposes and legal bases of processing

Participation in the loyalty program is based on the terms of use for the luca app applicable between you and us within the meaning of Art. 6 (1) 1 b) GDPR.

3. Recipients of personal data

Services provided by providers Providers Data processed Software maintenance and software operation services

neXenio GmbH, Charlottenstr. 59, 10117 Berlin

user ID,  

Information about the transaction with the operator

IT infrastructure services (servers)

Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

user ID,

Information about the transaction with the operator

Server location: Germany, Hungary (Open Telekom Cloud)

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with these recipients so that they can only process your data for specific purposes and on our instructions.

4. Duration of storage of personal data

The data required for participation will be processed by us as long as it is necessary to fulfill our contractual and legal obligations.

The hotel function is designed for the case where you plan to stay with an operator who runs a hotel.

You can then use the luca app to check in upon arrival and check out upon departure. The luca app also creates a registration form for your stay at the hotel.

1. Data categories

As part of the hotel function, the operator processes your check-in/check-out data . This includes your date of birth, your nationality, your billing and residential address, your telephone number and the arrival and departure dates associated with the booking. If necessary, the serial number and the identity card/passport may be collected by the hotel as part of the digital registration form.

In addition, if you wish to pay the hotel bill when checking out at the hotel, the operator may process payment data as described in Section G of this Privacy Policy.  

2. Purposes and legal bases of processing

The processing of check-in/check-out data and payment data as in Section G serves to execute the contract within the meaning of Art. 6 (1) 1 b) GDPR between you and the operator.

3. Recipients of personal data

The operator is responsible for collecting your data when making a reservation. We provide the operator with the technical service and are therefore the operator's contractor in accordance with Art. 28 GDPR.

In addition, the following subcontractors will receive your personal data:

Services provided by providers Providers Data processed Software maintenance and software operation services neXenio GmbH, Charlottenstr. 59, 10117 Berlin Check-in/check-out data IT infrastructure services (server) Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

check-in/check-out dates

Server location: Germany, Hungary (Open Telekom Cloud)

Sending the confirmation Sendinblue GmbH Köpenicker Str. 126, 10179 Berlin; HubSpot, Inc., 5 FirstStreet. Cambridge. MA 02141 USA Check-in/check-out data

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with these recipients so that they can only process your data for specific purposes and on our instructions.

4. Duration of storage of personal data

The data required for the hotel function are stored and automatically deleted 1 year after the guest's departure (according to the retention periods applicable to the client pursuant to Section 30 Paragraph 4 of the Federal Ministry of Health Act) or in accordance with the provisions of applicable law.

The luca app offers you the option of storing your test, recovery and vaccination certificates in your luca app. The certificate is only stored locally on your own smartphone and is not linked to the account function.  

1. Data categories

If you use the function to store your test result, vaccination or recovery certificate, we will also collect the following data based on your consent:

Test result/recovery/vaccination document: first and last name as well as date of birth, infection status, the identification number of your document and additionally:

1. 1. For the test result: type of test (PCR or antigen test), information on the test manufacturer, the test center and the issuing office of the certificate, test and issue time
   2. For the recovery card: date of positive test, information on the issuing office, period of validity
   3. For the vaccination certificate: date of vaccination, number of vaccinations, information about the vaccine (disease, manufacturer, product), information about the issuing agency

2. Process description

The luca app offers you the option of saving a test result or a vaccination or recovery card (hereinafter referred to as "document") in the luca app and showing it to authorized bodies if necessary. This is no longer based on the purpose of supporting contact tracing and serves you merely as a kind of wallet (uniform storage location). You can then access the document that may be required for access directly in the luca app when you check in. The respective document is not sent to the operator or the health department. The document remains exclusively in your luca app and is not stored by us on the server. We therefore have no access to your data stored in this context. To enter a document, you can do so via the QR code or the link provided by the issuing body on your test result or digital recovery/vaccination card. If you decide to use this function, you may need to turn on your smartphone's camera to scan the QR code. The negative test result or the recovery or vaccination status is validated and saved locally on your device in the luca app. Validation is done by comparing the first and last name with the data stored in the app locally on your device. The validity, the electronic signature contained in the QR code and the authenticity of the document are also checked. To prevent misuse, so that the document cannot be stored multiple times in the luca app by different people, your luca app creates a pseudonymized identifier and transfers it to the luca system. Only this identifier is stored in the luca system. We cannot assign this to you. Each document can only be stored once at the same time. This means that the same document cannot be used on multiple devices.

3. Special categories of personal data according to Art. 9 GDPR

If you decide to store your COVID test result or digital recovery or vaccination certificate in the luca app, this will also only be done on the basis of your express consent in accordance with Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR.

4. Purposes and legal bases of processing

The following describes processing operations and their additional purposes and legal bases, which serve the purpose of simple and local deposit and storage of a test result, a vaccination or recovery certificate (hereinafter "document"). You can show this document to authorized bodies if necessary.

ClauseProcessing and purposeLegal basisResponsible party (1)If you would like to store your document in the luca app on your smartphone, the data of the test result/recovery/vaccination documents will be transmitted locally to your smartphone.

This serves the purpose of depositing the document so that it can be presented upon request.

Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we)(2)If you want to store your document in the luca app by scanning the QR code (holding the smartphone camera over the QR code), you must switch on your camera. Only the QR code is read. Data in the surrounding area is not recorded.

This serves the purpose of depositing the document so that it can be presented upon request.

Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR:

Consent by switching on the camera function, if requested in the app.

You can revoke your consent at any time in the future by turning off your camera function. (see also Part D. 7.)

culture4life GmbH (we)(3)After inserting the document into your luca app, your app compares the first and last name of the document with your entries in the luca app. This is done exclusively locally on your device and is used to assign it to you personally.Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we)(4)The validity, the electronic signatures contained in the QR code and the authenticity of the document are also checked.Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we)(5)To prevent misuse, so that the document cannot be stored in the luca app multiple times by different people, your luca app creates a pseudonymized identifier and transfers it to the luca system and stores it there.Art. 9 (2) a) in conjunction with Art. 6 (1) 1 a) GDPR: Consent by inserting the document.culture4life GmbH (we)

5. Recipients of personal data

Services provided by providersProviderData processed Software maintenance and software operation servicesneXenio GmbH, Charlottenstr. 59, 10117 BerlinIdentification of test result, recovery or vaccination documents

(The processing is limited to a possible inspection of the listed data in the context of the implementation of the software maintenance and software operation services)

IT infrastructure services (server)Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn

Identification of test result, recovery or vaccination documents

Server location: Germany, Hungary (Open Telekom Cloud)

Contract processing agreements in accordance with Art. 28 GDPR have been concluded with these recipients so that they can only process your data for specific purposes and on our instructions.

6. Duration of storage of personal data

An antigen/PCR test stored locally in the luca app is automatically deleted after 48 (antigen test)/72 (PCR test) hours. All locally stored documents are automatically deleted as soon as the validity of the document is exceeded. You can also manually delete your COVID test result, recovery or vaccination status at any time within your app.

The pseudonymized ID of the document is automatically deleted from the luca system after 72 hours. The ID of the respective document is used solely to prevent misuse, so that the respective document cannot be stored multiple times in the luca app by different people.

‍

‍

With regard to the processing of your personal data, you have the following rights provided for in the GDPR, which you can assert against us for all processing for which we are responsible:

• The right to request a statement as to whether your personal data is being processed and, if this is the case, the right to information about this data. Within the app, you have the option of downloading the data we have stored about you by using the information button. The following information is provided on the specifics of the individual data:

• Your test and certificate documents (Part E) are only stored locally on your device. We only have the identifier that is sent to us for the purpose of preventing misuse. We cannot assign this identifier to you.
• To obtain information about your luca Pay data (Part G), you can use the information button to find out your user ID. If you tell us this, we at culture4life can research your data at Rapyd Europe and provide you with information about it.

• The right to request the rectification of your personal data if it is incorrect or incomplete (Art. 16 GDPR). You can only correct your contact details (except for the history) in the luca app yourself. We already fulfill this right through the functionalities provided. To exercise this right, you only have to go to the relevant areas within the luca app and make the correction/change.  
• The right, under certain circumstances, to request that your personal data be deleted immediately (so-called “right to be forgotten”) (Article 17 GDPR). We comply with this right by providing a delete button.
• The right to request the restriction of the processing of your personal data under certain conditions (Article 18 GDPR).  
• The right to revoke any consent given to us regarding the processing of your personal data at any time. This can be done in the future by changing your settings, as well as by deleting the stored certificates, the identification document and your payment data. Such a revocation does not affect the legality of the processing that took place up to your revocation. The following should be noted in addition for individual data:

To exercise these rights against us, you can also contact our data protection officer using the contact details provided in Part B of this data protection declaration.

Notwithstanding the above rights, you have the right to lodge a complaint with a supervisory authority for data protection and freedom of information, for example with the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg responsible for us:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, PO Box 10 29 32, 70025 Stuttgart.

This is the current version of our privacy policy (valid from June 25, 2024). We reserve the right to adapt this privacy policy (especially in the event of changes in the legal situation or changes to our functionalities). For this reason, we recommend that you access this privacy policy at regular intervals.