Privacy Policy zeigmal - App

Introduction

This privacy policy describes what data we process in the zeigmal app, for what purposes, and on what legal basis. It also informs you about your rights and how you can exercise them.

We use personal data exclusively to the extent necessary for the functionality of the app (e.g., location for navigation, camera access for AR features). Systematic storage, sharing, or profiling does not take place.

By using the app, you agree to this privacy policy.

Last updated: January 15, 2025

Interpretation

Words with capitalized initial letters have defined meanings under the following conditions. The following definitions have the same meaning regardless of whether they appear in singular or plural form.

Definitions

For the purposes of this privacy policy:

You means the person accessing or using the service, or the company or other legal entity on whose behalf such person accesses or uses the service, as applicable. Under GDPR (General Data Protection Regulation), you may be referred to as the data subject or as the user, as you are the person using the service.

Company (referred to as "the Company", "We", "Us", or "Our" in this agreement) refers to zeigmal GmbH. For the purposes of GDPR, the Company is the data controller.

Application means the software program provided by the Company downloaded by you on any electronic device, named "zeigmal".

Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.

Account means a unique account created for you to access our service or parts of our service.

Service refers to the application.

Country refers to: Konstanz, Germany

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the service, to provide the service on behalf of the Company, to perform services related to the service, or to assist the Company in analyzing how the service is used. For the purposes of GDPR, service providers are considered data processors.

Third-party Social Media Service refers to any website or any social network website through which a user can log in or create an account to use the service.

Personal Data is any information that relates to an identified or identifiable individual. Personal data under GDPR means any information relating to you such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity. For the purposes of CCPA, personal data means any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

Device means any device that can access the service such as a computer, a cellphone, a digital tablet, or an immersive reality headset.

Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).

Data Controller for the purposes of GDPR (General Data Protection Regulation) means the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of personal data.

Usage Data

When using our application, the following information may be processed:

• Location data (for navigation, environmental recommendations)
• Camera access (for augmented reality features)
• Device information and usage data, such as device type, operating system, usage behavior (via Unity/Firebase Analytics)

Processing is based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time via the device settings.

Location data is not stored or evaluated beyond the session duration. Data transmission is exclusively encrypted (TLS).

Detailed Information About The Processing Of Your Data

Geo-Spatial API

By using the Geo-spatial API in the application (only during the use of AR functionalities), users are bound by Google's terms of use, which can be found here:

https://policies.google.com/terms?hl=en

By using the Geo-spatial API, users automatically use the Google Maps API. The privacy policy of the Google Maps API can be found here:

https://policies.google.com/privacy?hl=en

Backend

We use Firebase as a backend. We do not transmit any personal data to Firebase, but anonymized data may be processed there. Communication to Firebase servers is encrypted (TLS).

The privacy policy can be read here: https://firebase.google.com/support/privacy

Our application uses a self-hosted backend system (Supabase) operated on servers in Germany (Strato GmbH). We process exclusively pseudonymized data (e.g., session duration, device type, error codes) to keep the app stable and user-friendly.

The data is not shared with third parties and is stored exclusively on servers within the EU. Identification of individual users does not take place.

The storage period is a maximum of 12 months. Processing is based on our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.

Analytics

We may use third-party service providers to monitor and analyze the use of our service.

Firebase: Firebase Analytics is an analytics service provided by Google Inc. You can disable certain Firebase features through your mobile device settings by following Google's instructions in the privacy policy: https://policies.google.com/privacy

We also recommend that you read Google's policies for safeguarding your data: https://support.google.com/analytics/answer/6004245

For more information on what type of information Firebase collects, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

Unity Analytics: Unity Analytics is provided by Unity Technologies. For more information on what type of information Unity Analytics collects, please visit the privacy policy page: https://unity3d.com/legal/privacy-policy

Usage Analysis with PostHog

We use the analytics service PostHog (https://posthog.com/) to measure and analyze the usage of our app. This helps us continuously improve the app and make it more user-friendly. The collected data is used exclusively to improve our app and is not sold to third parties.

We use PostHog Cloud EU, so all data is processed within the European Union. No data is transferred to countries outside the EU.

Type of Data Collected

With PostHog, we collect anonymized usage data that does not allow any conclusions about your person. This includes, for example:

• Information about the use of the app (e.g., which features are used, how long you stay in the app)
• Technical device information (e.g., operating system version, device type)

IP addresses are anonymized and processed in a way that makes identification of users impossible. No personal data is collected that would allow conclusions about your identity.

Right to Object

You can refuse the collection of your usage data by PostHog at any time. You will find a corresponding setting in the privacy settings of our app. If you choose this option, no usage data will be collected for analysis purposes.

Service Provider

The service is provided by PostHog, Inc. Since we use PostHog Cloud EU, we have concluded a data processing agreement with the provider that ensures compliance with strict EU data protection regulations.

Usage, Performance And Other

We use Mapbox for our map material. Their privacy policy can be viewed at https://www.mapbox.com/legal/privacy/.

We use Maptoolkit for maps and navigation requests. Their privacy policy can be viewed at https://www.maptoolkit.com/en/privacy/.

Children's Privacy

Our app can also be used by children and adolescents under 16 years of age. Location data and camera access are only processed after consent.

If users are under 16 years old and such data processing occurs, consent from legal guardians may be required.

We do not collect any further personal data from children and do not store data permanently.

Links to Other Websites

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's website. We strongly advise you to review the privacy policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes To This Privacy Policy

We may update our privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page. We will update the "Last updated" date at the top of this privacy policy. We advise you to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted on this page.

Contact Us

If you have any questions about this privacy policy, you can contact us:

• By email: hallo@zeigmal.digital
• By visiting this website: https://www.zeigmal.digital

Last updated: January 15, 2025