Privacy Policy (V3) - Secret Santa
Thank you for your interest in our app: Secret Santa.
Despite careful control of the content, we cannot assume any liability for external links to third-party content. The protection of your personal data is important to us. Here you can find out what data is collected and used during use. This privacy policy is valid for the iOS and Android version of this app.
Data processing
We process personal data which we receive from you on the basis of your consent to use this app:
User:
- Username (Unique, freely selected name for search; visible to all)
- Display name (Internal, freely selected displayed name; visible to all)
Authentication:
- Email password registration: email address, encrypted password
- Google Sign-In: Data according to Google Authentication Terms of Use
- Apple Sign-In: Data according to Apple Sign-In Terms of Use
Newsletter: (only after consent according to Opt-In):
- Language- & Countrycode
Groups:
- Name (Für die interne Unterscheidung zwischen verschiedenen Gruppen; für alle sichtbar)
- Budget
- Group participants
- Gift advice
- Drawn pairs
- Backup drawn pairs (remains if user leaves the group)
- Gift handover date
The app collects anonymized diagnostic data, which helps to make the app more crash-proof and user-friendly. Google Analytics for Firebase is used for this purpose.
You can revoke this consent at any time. A revocation has the consequence that we no longer process your data for the above-mentioned purposes from this point on and you can no longer use the application. Furthermore, the user and group data will be deleted, with the exception of “backup drawn pairs”. The authentication data will be deleted after a 30-day period. For a revocation, delete the account in the app, or contact:
Google Analytics for Firebase
(https://firebase.google.com/)
The collected data helps to better understand and improve the usage of the app. All IP addresses and data are stored in anonymized form. Thus, the data obtained cannot be used to personally identify users.
Firebase Analytics uses an advertising ID. You can restrict this use in the device settings of your mobile device.
For Android: Settings > Google > Advertising > Reset Advertising ID.
For iOS: Settings > Privacy > Advertising > No ad tracking.
You can find more information about Google Firebase and their privacy policy here: https://www.google.com/policies/privacy/
Google Fonts
The Android app uses Google Fonts from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) are used. The use of Google Fonts is not authenticated. Requests to the Google Fonts API are directed to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com.
This means that your font requests are separate (do not include credentials that you send to google.com) while using other Google services that are authenticated such as Gmail.
More information about Google Fonts can be found here: https://developers.google.com/fonts/faq & https://www.google.com/policies/privacy/
Google Admob
The free version of the app uses Google Admob to display ads. Ads are personalized based on the user’s device settings. You can restrict this use in your mobile device settings.
For Android: Settings > Google > Advertising > Reset Ad IDFor
iOS: Settings > Privacy > Advertising > No Ad Tracking
The Google Admob service is provided by Google (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
General information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/
Data permissions in the apps
If you want to use all the functions of the app (e.g.: use the camera to create a profile picture), you must grant the app corresponding access to certain functions of your smartphone. However, these permissions are not mandated and can be revoked in the mobile device settings.
Storage / deletion period
We store your data as long as you do not delete your user account. Backups are made monthly to ensure that data can be restored in the event of data loss. If the account is deleted, the backup data will also be purged after 30 days at the latest.
Newsletter
As a user, I can revoke my consent at any time; the easiest way to do so is to send the revocation to the following e-mail address:
The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Responsible for data protection:
Motecso OG
If you have any questions, please contact us at:
The legal basis for data processing for the purpose of sending the newsletter is your consent. We process your data for the purpose of sending the newsletter until you revoke your consent. We work together with an operator of a newsletter management system based in the EU to process the newsletter dispatch. With regard to your data stored by us, you are generally entitled to information, correction, restriction and objection, data processing as well as deletion and transferability of your data. If you believe that we are violating data protection regulations, you can complain to us at office@motecso.com or to a data protection authority.
Processor
We use the following processors for data processing: Firebase, Google, Apple.
Your data is also processed, at least in part, outside the EU or EEA (United States of America).
The adequate level of protection results from an adequacy decision of the European Commission according to Art 45 DSGVO.
Contact
You can reach us at the following contact details:
Motecso OG
You can contact our data protection officer using the following email address:
Legal Remedies
In principle, you are entitled to the rights of information, correction, deletion, restriction, data portability and objection. For this purpose, please contact us.
If you believe that the processing of your data violates data protection law, or your data protection rights have been violated in any other way, you can report this to the supervisory authority.
In Austria, the data protection authority is responsible.