Data Privacy Notice for Entagged Mobile App

1. Introduction

GotPhoto is committed to protecting the data of users of GotPhoto software and services. In doing so, GotPhoto ensures that its data protection measures are consistent with the latest data protection legislation, including the General Data Protection Regulation.

The purpose of this data privacy notice and / or any updates to this data privacy notice is to make you aware of the personal information that will be processed by the Entagged mobile app and / or any updates to such software provided by GotPhoto (the Software). We encourage you to read the information below carefully.

2. Information Used by the Software
a) Authentication Data
To use the Software or certain functions thereof, the Software may require personal information provided by you for authentication purposes. This information will consist of a username and password (Authentication Data).

The originating source, controller and processor of your Authentication Data is GotPhoto. If you want to change your Authentication Data, you or your administrator must do so within the GotPhoto platform. You cannot change your Authentication Data within the Software, nor can GotPhoto do this for you.

b) Photo Subject Data
During your use of the Software, you may view and collect information relating to your photo subjects, including photo subject name, address, gender, birthdate, name of school, group/class, name of teacher, access code and barcode (Photo Subject Data). This information identifies the person you are photographing.

(i) If you download the Photo Subject Data from the GotPhoto platform, GotPhoto is a data processor with regards to the Authentication Data and the Photo Subject Data.

(ii) If you download the Photo Subject Data from other sources than the GotPhoto platform, GotPhoto is not a data controller or a data processor with regards to the Photo Subject Data. GotPhoto will have no access to or control over the Photo Subject Data.

c) Service Usage Data
During your use of the Software, the Software will send log event and warning information to Firebase Analytics, an app analytics service provided by Google LLC. This includes: i) events relating to your usage of the Software (login, logout, synchronisation process activity, app settings); ii) device information (operating system, app version); and iii) service warnings and errors (app crashes) (Support Usage Data). All this information is processed anonymously, so that no conclusion can be drawn to you as a person. We only use Firebase Analytics with activated IP anonymization.

For more information about Firebase Analytics’ privacy and security, visit: https://firebase.google.com/support/privacy/.

3. Use of Information
Your Authentication Data will be stored on the GotPhoto platform. Every time you are asked to log into the Software, your Authentication Data is validated with the GotPhoto platform to enable you to use the Software. Your data will be protected by encryption techniques during the validation process between the Software and the GotPhoto platform. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Provided you have a GotPhoto platform account and have downloaded the Photo Subject Data from the GotPhoto platform (see section 2.b)(i)), your Photo Subject Data will be stored on the GotPhoto platform. In order to enable you to use the services, the Photo Subject Data is temporarily synchronised to, stored in and displayed to you on your mobile device by the Software. Any changes made or new Photo Subject Data captured by you are synchronised back to the GotPhoto platform. After you logout from the Software, the temporary storage of Photo Subject Data is cleared. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Service Usage Data is sent by the Software to Firebase Analytics and can only be viewed by GotPhoto’s service administrators. Service Usage Data is used by GotPhoto’s service administrators to analyze, optimize and economically operate the mobile app.

The Photo Subject Data and Service Usage Data will be protected by encryption techniques while it is used for the purposes described above.

4. Information Sharing
GotPhoto will not disclose your information to any third party unless it is necessary to provide the Software and services to you. Before sharing any information with a third party, we will inform you about the data being shared, the purpose for such data disclosure and the identity of the third party. If legally required, we will ask for your consent.

During your use of the Software, Service Usage Data is sent to Firebase Analytics by the Software.

5. Data Protection
The Software has security measures to help protect your data including: i) authenticated access; ii) encryption of Authentication Data and Photo Subject Data while stored on your mobile device and during transmission to and from the GotPhoto platform; and iii) encryption of Service Usage Data during transmission to Firebase Analytics.

You are responsible for protecting your Authentication Data and preventing access to the GotPhoto platform through the Software while your mobile device is unattended.

6. Who We Are
We are Fotografen Online Service GmbH, a private limited company incorporated and registered in Germany with registration number HRB 147385 (“GotPhoto”). Our registered office is at Hausvogteiplatz 12, 10117 Berlin, Germany. Please address any privacy questions and concerns to privacy@gotphoto.com.

7. Your Data Subject Rights
You have the following data subject rights:

To assert your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, beyond this period if there is a reason to assert, exercise or defend legal claims. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, based on our interest to defend ourselves against any civil law claims pursuant to Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfilment of our accountability obligation pursuant to Art. 5 para. 2 GDPR.

You have the right to revoke your consent at any time. As a result, we will no longer process your data based on this consent. The revocation of consent does not affect the lawfulness of processing your data before the revocation of your consent.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation.

If you would like to exercise your right of cancellation or objection, simply send an informal message to the contact details above.

Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can assert this right, for example, with a supervisory authority in the state of your place of residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Germany is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, Germany.

8. Changes to the Privacy Policy
We occasionally update this privacy policy, for example when legal or regulatory requirements change.

* * *

SVersion: September 2024