Privacy Policy en

We take the protection of your data very seriously and treat your data confidentially and in accordance with the legal regulations and the following privacy policy. This applies to the "Pam App" available in the Google Play Store and the Apple App Store.

Downloading and installing the Pam App may require prior registration with the respective App Store (Apple/Google). In this process, Apple and/or Google collect, process, and use personal data over which we have no control and which may not be in accordance with the General Data Protection Regulation (GDPR). The responsible party in this respect is solely the operator of the respective App Store. If necessary, please inform yourself directly at the respective App Store provider.

Pam App partially links to external web sites and offers. As soon as these links/offers are accessed, you are leaving the offer/service of Pam App and the (retrievable) data protection provisions of the external link/offer apply.

Below, we inform you according to Art. 13 GDPR about nature and scope as well as the purpose of the processing of personal data (hereinafter "data") by us. Regarding the terms used, please refer to the definitions of Art. 4 GDPR. Personal data are all data with which you can be personally identified.

1. Responsible person

Responsible for data processing according to Art. 13 para. 1 GDPR:

PLR UG (limited liability)
represented by the managing director Pamela Leonie Reif
Karlstr. 41
76133 Karlsruhe
Germany
contact@pam-app.de

2.Data acquisition

Each time you open Pam App on your mobile device, Pam App automatically collects data and information from the operating system of the mobile device. Specifically, we collect:

a) Application data
Each time you access Pam App, the following data is collected:

•   model of the mobile device
•   operating system
•   language
•   date and time of the request
•   IP address
•   Device ID
•   Advertising ID
•   installed version of Pam App

Processing of this log file data is based on Art. 6 para. 1 lit. f. GDPR to analyze errors, optimize our offer and prevent/defense abuse. This data is stored for a period of up to 30 days and will be deleted afterwards. The analyses are carried out exclusively for our purposes. If data is suitable as evidence to clarify a matter, it is exempted from deletion until the respective incident is finally clarified.

b) When downloading and using the app
•   App Store ID

Pam App recognizes your App Store ID when you download/install and use Pam App, and when you make In-App-Purchases. This ID is not forwarded to us. In the case of In-App-Purchases, we only receive anonymized information from the respective app store and cannot draw any conclusions about you or your person.

For more information about the purpose and scope of the collection, as well as the further processing and use of your data by the App Store Providers Apple and Google, as well as your rights and settings options for protecting your data, please refer to the privacy policy of the App Store Providers:
https://www.apple.com/legal/privacy/de-ww/
https://policies.google.com/privacy?hl=de

The processing of this data is based on Art. 6 para. 1 lit. b GDPR to provide the functions of Pam App. A link between your Apple User Account or Google User Account and Pam App can be made at any time in the settings of your mobile device and thus the consent can be revoked at any time. For more information, see the terms of use and privacy policies of the App Store Providers.

c) Push services
The Pam app uses the Push Services of the operating system manufacturers. These are short messages that are displayed on your screen with your consent and inform you about news. If you want to receive push notifications even when you are not in our app, your consent is required, which we ask for the first time you install (Android) or use (iOS) the app. All notifications or access options can be subsequently turned on or off in the settings menu.

To use the notifications, your mobile device registers with the respective Push Service after installing the App. For push notifications, we use the services Firebase Cloud Messaging from Google (Android) and Apple Push Notifications (iOS). In doing so, Firebase and Apple generate a calculated key, which is composed of the identifier of the App and your device ID. This key is stored with your push settings in the Pam App to accordingly provide you with the selected content. Firebase or Apple servers cannot draw any conclusions concerning the requests of users or determine other data related to your person. Firebase and Apple serve exclusively as transmitters.

As soon as you turn off the push notifications in the settings, the key is deleted in the Pam App. This data is processed on the basis of Art. 6 Para. 1 lit. a, b GDPR to implement the Push Service. By turning off the push notifications the consent can be revoked at any time.

d) Data analysis
Pam App optionally uses Google Analytics for Firebase and Firebase Crashlytics for statistical analysis of the use of the App. The corresponding provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can choose whether to use Google Analytics for Firebase and Firebase Crashlytics when you first launch the App. You can also deactivate the use of Google Analytics for Firebase and Firebase Crashlytics in the App at any time. Since Google uses the advertising ID of your device for data transmission, you can also restrict the use of the advertising ID directly (iOS: Privacy/ Advertising/ No Ad Tracking; Android: Account/ Google/ Ads).

Google Firebase includes various features that allow us to analyze in-app behavior. In this way, we can, for example, analyze your page views and button confirmations as well as use of features. Google Firebase stores for these purposes, among other things, the number and duration of sessions, operating systems, device models, region and several other data in anonymized form. A detailed overview of the data collected by Google Firebase can be found at https://support.google.com/firebase/answer/6318039. Subcontractors that Google may use can be found at the following link: https://firebase.google.com/terms/subprocessors. The information about the use of Pam App will be transferred anonymously to a Google server in the USA and stored anonymously. Google will also use the aforementioned information to evaluate the use of the App and to provide us with other services related to the use of apps. Firebase does not collect any personal data.

Google Firebase Crashlytics is used for the stability and improvement of the app. It collects information about the device used and the usage of our App (e.g. the timestamp, when the App was started and when the crash occurred), which allows us to diagnose and solve problems. The data is stored anonymously.

The integration is based on your express consent according to Article 6 Para. 1 p. 1 lit. a GDPR and for a more user-friendly and interesting design of the app. This represents a legitimate interest within the meaning of Article 6 Para. 1 lit. f GDPR. Your consent can be revoked at any time.

You can find more information about Google Firebase at:
https://firebase.google.com/terms/crashlytics/
https://firebase.google.com/support/privacy/

e) Registration of a user account
Through our login system you can create a Pam App account, which you can use to log in to the Pam App after the initial registration. All data you enter in your account is stored in a database of the Pam App at the service provider mentioned below (lit. f)).

To redeem the code to unlock the recipes of the cookbook "You deserve this - Snack Cookbook" you need to create a Pam App user account and accept the terms and conditions and privacy policy. The code can only be found in the first edition of the printed book. We ask for the following data during registration:

•   IP address at registration
•   email address
•   Your password

Processing of this data is based on Art. 6 para. 1 lit. a, b GDPR for identification of the customer account and execution of the user contract. This data is stored for up to 30 days after deletion of the customer account and then deleted. The given consent can be revoked at any time with effect for the future.

After entering your data, you will receive a verification link sent to the e-mail address you provided. The verification link is valid for seven days. Only after you have confirmed your registration via this link, your Pam App account will be created and you can redeem the above cookbook code (only available in the first book edition) to unlock the recipes of the cookbook "You deserve this - Snack Cookbook" and access the recipes contained therein. If you do not confirm your registration, your personal data will be deleted immediately after the verification link expires. After the verification link expires, you will need to go through the registration process again to create a customer account.

Registration with Google
We also offer you the possibility to create your Pam App account via your Google account or to link it to your Google profile. You can register or login with us using your Google account by simply using the Google button instead of other options when registering your Pam App account. You will then be redirected to Google (where you need to be logged in or have an account) and will be told what data we need from you from Google - namely, first and foremost, your public profile information, such as your email address that you have on file there. This is necessary for identification in order to create a secure Pam App account for you. We use the email address to permanently link your Google profile and your Pam App account and store the fact that you have registered with us via Google. We do not learn your Google credentials at any point and will not share any information about you with Google without your consent. In addition, we will use your email address to contact you with notices at that address, if necessary. How Google deals with privacy settings, you can find in the privacy policy (https://policies.google.com/privacy) and terms of use (https://policies.google.com/terms) of Google. There you will also find the valid terms for the above mentioned possibility to log in and register with us.

Registration with Apple
We offer you the possibility to register and log in via your Apple account using "Apple Login". When you first register using the Apple ID, the app will ask you for your email address so that we can set up an account for you. We store your email information with us and will contact you at this address with instructions if necessary. While you are using the "Register with Apple ID" feature, you will not be tracked or profiled by Apple itself. Apple collects only the information necessary to ensure that you can sign in and manage your account. As long as you remain logged in on your device, you will automatically remain logged in to our app. You can find more information about Apple login at this link: https://support.apple.com/de-de/HT210318.

f) Amazon Cloudfront
We use the Content Delivery Network (CDN) Amazon CloudFront from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to secure and deliver your data faster. A CDN is a network of [globally] distributed servers capable of delivering optimized content to users. AWS is a recipient of your personal data and acts as a processor for us. The legal basis for data processing is Art. 6 (1) lit. f DSGVO. The legitimate interest is to ensure error-free functioning of the app and not to operate a content delivery network ourselves. If a corresponding consent was requested, the processing is based exclusively on Art. 6 (1) a DSGVO; the consent can be revoked at any time.

When processing your data, personal data may also be transferred to the parent company of AWS in the USA. AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Details can be found here:
https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/

For more information, please refer to the AWS Privacy Policy:
https://aws.amazon.com/de/privacy/?nc1=f_pr
3. Permissions

For the App to function properly, you have to grant access to certain mobile device functions and personal data that are stored on this device. You will be asked to grant the corresponding access authorization either once at the beginning or only when using the respective function. You can view, adjust, and revoke the assigned permissions in the settings of your mobile device.

Network Access & Network Connections
Network access is required because Pam App can only be used in online mode.

Notifications
Access to notifications is required to send you push messages. Access is enabled by default on Android-based mobile devices; disabled on iOS-based mobile devices.

4. Newsletter
By subscribing to our newsletter, you agree to receive it and to the procedures explained. We send newsletters in the form of e-mails and other electronic notifications with promotional information only with the prior consent of the recipient or a legal authorization.

If the contents of the newsletter are specifically described in the course of registration, these are decisive for the user's consent. Besides, our newsletters contain information about our services and us.

Double opt-in and logging
The registration for our newsletter takes place via the so-called double opt-in process. This means that a message is sent to the e-mail address you have provided, requesting confirmation of the registration by clicking on a specific link. This confirmation is necessary to ensure that users can only register with e-mail addresses that they can access and do not misuse third-party e-mail addresses. To be able to prove the registration process in accordance with legal requirements, every registration for the newsletter is logged. For this purpose, the time of registration and confirmation as well as your IP address are recorded. In addition, the changes to your data that are stored with the service provider are recorded.

Login data
To subscribe to our newsletter, simply enter your e-mail address. In order to be able to address you personally in the newsletter, you can also enter your name. This data is processed on the basis of Art. 6 Para. 1 lit. a, b GDPR for sending the newsletter and the logging of the registration process on the basis of Art. 6 Para. 1 lit. f GDPR.

Termination/Revocation
You have the right to cancel our newsletter service at any time. By doing so, you revoke your consent at the same time. You will find a link to unsubscribe from our newsletter at the end of each newsletter. In order to be able to prove a given but later revoked consent, we are entitled to store the unsubscribed email addresses up to three years after the revocation based on our legitimate interests.
Provider
For this purpose, we use the provider Sendinblue (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany; website: https://de.sendinblue.com/; privacy policy: https://de.sendinblue.com/legal/privacypolicy/). The data you enter for the purpose of receiving the newsletter is stored on Sendinblue's servers in Germany.

Data analysis by Sendinblue
With Sendinblue we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter was opened and which links, if any, were clicked. This way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain pre-defined actions were performed after opening/clicking (conversion rate). Sendinblue also allows us to subdivide ("cluster") newsletter recipients based on various categories. In doing so, the newsletter recipients - if you have provided this data - can be subdivided, for example, according to age, gender or place of residence, to better adapt the newsletters to the respective target groups.

If you do not want Sendinblue to analyze your data, you must unsubscribe from the newsletter, see above.

5. Integration of YouTube

Pam App uses the YouTube embedding feature to display and play videos from the provider "YouTube", which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

When embedding YouTube videos in the Pam app, we use the extended privacy mode. This means that none of your data is transferred to YouTube if you do not play the videos. Only when you play videos, some of your user information is transferred to YouTube to collect video statistics, improve the user experience and prevent abusive behavior. We have no influence on this transmission.

If you are logged in to Google, your data will be directly assigned to your Google account as soon as you click on a video. If you do not want the association of your profile with YouTube, you must log out of Google before activating the video. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google's legitimate interests in the insertion of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Youtube to exercise this right.

For more information about the purpose and scope of data collection and processing by YouTube, please see its privacy policy. There you will also find further information about your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

6. Rights of the data subjects

Right of information: You have the right to request information about whether data concerning you is being processed. In addition, you have the right to receive further information and a copy of the data in accordance with the legal requirements.

Right of rectification: You have the right to complete the data concerning you and to correct any inaccurate data concerning you.

Right of deletion: You have a right to immediate deletion of the data concerning you in accordance with the legal requirements. Alternatively, you have the right to restrict the processing of the data within the scope of the legal requirements. (see also right of objection)

Right of data portability: You have a right, in accordance with the law, to be provided with the data concerning you that you have made available to us, and you may also request that it will be transferred to other responsible persons.

Right of restriction of processing: You have a right to request the responsible person to restrict processing in accordance with the law.

Right of appeal to a data protection supervisory authority: You have the right to file a complaint with the competent supervisory authority.

7. Right of revocation

You can revoke your consent at any time with effect for the future.

8. Right of objection

You have the right to object to the future processing of the data concerning you in accordance with the law. In particular, the objection may also be directed against the processing for purposes of direct marketing.

9. Cooperation with processors, joint responsible persons and third parties

For certain services, it is necessary in the course of our processing of the data to disclose it to other persons (usually companies), i.e. to transmit data to them or otherwise grant them access to the data. These companies are, on the one hand, processors or jointly responsible persons, and on the other hand, third parties such as payment service providers. Such disclosure is only made on the basis of a legal permission or obligation, on the basis of the consent by the user or on the basis of our legitimate interests, which exist, for example, in the use of agents or web hosts. Such a legitimate interest also exists in particular when processing the data for administrative purposes.

In the event that we make data accessible to other companies in our group of companies (through disclosure, transmission or granting access in any other form), this is done in particular for administrative purposes. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. In addition, access may also be based on a legal requirement.

10. Security measures

In order to ensure a level of protection appropriate to the risk, we ensure, in accordance with
•   the legal requirements, taking into account the state of the art,
•   the implementation costs, the nature, scope, circumstances and purposes of the processing, and
•   the varying likelihood and severity of the risk to the rights and freedoms of natural persons
for appropriate technical and organizational measures.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data through
•   control of physical access to data,
•   control of access to the data,
•   control of the data input, transfer, availability and separation.
In addition, we have created procedures that guarantee the exercise of data subjects' rights, deletion of data, and response to data compromise.

11. Deletion of data

In accordance with the legal requirements, we delete the data we have collected or restrict its processing. We delete the data stored by us as soon as the purpose on which the storage is based has ceased to exist and as soon as there are no legal obligations to retain data and no deviating regulations have been made in this data protection declaration. Data will be deleted after 24 months at the latest. If the data cannot be deleted because it is required for other, legally permissible purposes (e.g. storage for reasons of commercial or tax law), its processing will be restricted. In this case, the data is processed exclusively for this purpose and is otherwise blocked.

a) Storage periods for active use
When the App is actively used, certain data is stored until it is uninstalled. For a better overview, we provide you with a list:
•   Link to your device
•   App Store ID
•   Consent to privacy policy
•   Consent to analysis of usage behavior
•   Time of last App use
•   Language (German/English)

b) Deletion of your data upon uninstallation
Uninstalling Pam App will delete the data on your mobile device. The uninstallation of Pam App also leads to the deletion of your Pam App data, as this is only stored on your mobile device. This does not apply to a newsletter subscription; unsubscribing is done separately according to the steps mentioned above (No. 4).
12. Changes to the privacy policy

A new legal situation or changes in the data processing carried out by us may make it necessary to adapt this data protection declaration. For this reason, we ask you to regularly check the content of our privacy policy. If a change requires your cooperation (e.g. consent) or other individual notification, we will inform you in an appropriate form.

13. Contact

You can reach us at the following e-mail address: contact@pam-app.de

When contacting us, your data will be processed for handling and processing the contact request. The transmission of the data is SSL- or TLS-encrypted, provided that your mobile device supports it. This data is processed on the basis of Art. 6 Para. 1 lit. b. GDPR. With regard to other requests, Art. 6 para. 1 lit. f. GDPR is relevant. Your inquiry/data will be stored in our Customer Relationship Management System ("CRM System") or comparable inquiry organization and deleted if no longer necessary. The review of the necessity takes place every two years. Otherwise, the legal archiving obligations apply.

Status: October 2021