Data protection statement

Privacy Statement POIbase PC app
(Last Updated: 15 May 2018)

Disclaimer: This is a translation from German for information purposes only. While we endeavour to provide as accurate a translation as possible, errors cannot be ruled out and only the original German version is legally binding.

1. Which personal data we collect and contact details
2. Data collected while using the application
3. Data processing on account creation and when using the application
4. Storage of private POI’s (points of interest)
5. Data processing during order placement
6. Getting in touch
7. Live chat software
8. Use of personal data for direct marketing
9. Tools and misc.
10. User rights
11. Duration of personal data retention

1. Which personal data we collect and contact details

1.1 Thank you for choosing our application and for your interest in our product. Below we will explain how your personal data is handled when using our application. Personal data is all data that can be used to identify you.
1.2 The entity responsible for processing data acquired during use of this application in accordance with the General Data Protection Regulation (EU GDPR) is pocketnavigation.de GmbH, Auf den Hähnen 36, 56581 Ehlscheid, Germany, Email: info@pocketnavigation.de, Phone +49 (0)2634 922271.
As the natural or legal entity, pocketnavigation.de determines the purposes and means of processing personal data, be it independently or in cooperation with others.
1.3 This application uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. registration).

2. Data collected while using the application

2.1 If the application is used for information purposes only, i.e. if you are not registered or do not otherwise provide us with information, we only collect data transmitted to our servers via the application to ensure its functionality, and the standard data that is collected when contacting our servers (so-called "server log files"):
It is technically required to collect the following data when the app is used to ensure its functionality:
• The app page visited
• Date and time of access
• Volume of data transmitted in bytes
• Source/link from which the page was accessed
• Device used (automatically detected or manually selected)
• The letter allocated to the selected drive and directory name/s of detected devices
• Operating system used
• App version used
• IP address used (where applicable: in anonymized form)
Processing is carried out in accordance with Art. 6, Sec. 1 (f) EU GDPR on the basis of our justified interest in improving the stability and functionality of the application. The data is not passed on to third parties or used in any other way. However, we reserve the right to review the recorded data retrospectively if there are concrete indications of illegal use.

3. Data processing on account creation and when using the application

In accordance with Art. 6, Sec. 1 (b), EU GDPR, where provided, personal data will continue to be collected and processed for the execution of a contract or when creating a user account. Which data is collected can be deduced from the respective input fields. In addition, the following data may be collected and stored in your user profile:
• Selected or detected devices
• Selected and downloaded content (e.g. POI categories, apps, voices, etc.)
• Settings and filters (e.g. area filters)
• POI data imported or modified by the user (more details under point 4.)
• Hardware and device ID’s of the connected devices
• Date and time of the last visit to the news page
• Language selected
• Partner ID (taken from setup)
• Any activation and voucher codes used

Your user account can be deleted at any time upon written request to the address mentioned above. Data provided previously is stored and used for contract processing.

Following complete processing of the contract or deletion of your customer account, your data is retained solely for tax-related and commercial purposes and deleted once all relevant periods have expired, unless you expressly consent to the further use of your data or unless a legally permitted continued use of the data is required on our part, which will be elaborated upon accordingly below.

4. Storage of private POI’s (points of interest)

An important aspect of this application is the ability to record and edit location-based points ("points of interest", hereinafter referred to as POI’s) which are displayed on the map. POI’s may contain certain data:
• Exact position (mandatory)
• Name / Description
• Contact details (phone number, address, contact person, etc.)
• Opening hours and further specific information about the POI in question, including possibly photos.

This POI data is accessible to and can be viewed by all POIbase users in accordance with our Terms of Use and the purpose of the software. The data provided by the user is thus in no way protected from access by third parties; it is the user's responsibility to only upload publicly accessible data. In addition to general POI’s accessible to all POIbase users, there is also a "private POI" category. Private POI’s cannot be viewed by other POIbase users. When editing or creating private POI’s, the transmission is encrypted, but the data is subsequently stored unencrypted in our servers’ databases. Private POI’s are transferred and stored in accordance with Art. 6, Sec. 1 (b) EU GDPR for contract fulfilment and exclusively upon user-request (via use of the POI import function or creating/editing private POI’s). The data is not passed on or used in any other way. However, we reserve the right to review the recorded data retrospectively, if there are concrete indications of illegal use.

5. Data processing during order placement

5.1 We cooperate with the following service providers to process orders. Their support is required wholly or partially to complete contracts. Certain personal data is transmitted to these service providers pursuant to the information below. Where applicable, personal data will be passed on to the shipping provider commissioned with the delivery of physical goods. When required, payment data will be conveyed to the relevant credit institution. Payment service providers used are detailed below. The legislative basis for transferring said data is Art. 6, Sec. 1 (b) EU GDPR.

5.2 Use of payment service providers
– Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or where applicable "purchase on account" or installments via PayPal, your payment data will be passed on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) for processing purposes. This is in accordance with Art. 6, Sec. 1 (b) EU GDPR and applies only when it is required for payment processing. PayPal reserves the right to carry out credit checks for the payment methods: credit card via PayPal, direct debit via PayPal or - where applicable - "purchase on account" or installments via PayPal. In this case, your payment data may be passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency pursuant to Art. 6, Sec. 1 (f) EU GDPR. PayPal will decide whether to provide the payment method in question based on the result of the credit check and the statistical probability of non-payment derived therefrom. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. This may include, but is not limited to, address data. For further information on Paypal’s data protection, including the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
You may object to PayPal processing your data at any time by sending them a message directly. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

- ipayment
Where the options "direct debit via ipayment" and / or "credit card via ipayment" are available and selected, your personal data will be passed on to 1&1 Internet AG, Elgendorfer Str. 57, 56410 Montabaur (hereinafter: "1&1"), in accordance with Art. 6, Sec. 1 (b) GDPR, for the purpose of payment processing, where applicable. More information can be found in 1&1’s Privacy Policy at: https://www.ionos.co.uk/terms-gtc/terms-privacy/

6. Getting in touch

If you decide to contact us (for instance via an online contact form or per email), personal data will be collected. Which data is collected can be deduced from the available fields if a form is provided, or the automatically generated email. This data is saved exclusively for the purpose of answering any questions posed and for the technical administration required to do so. The legal basis for processing this data is our interest in answering the questions posed in accordance with Art. 6, Sec. 1 (f) EU GDPR. If the purpose of establishing contact is the conclusion of a contract, the additional legislative basis for processing your information is in accordance with Art. 6, Sec. 1 (b) GDPR. Your data will be deleted once your request has been processed, assuming the matter was solved conclusively and there is no legal basis to retain the data.

7. Live chat software

This website uses a live chat system provided by LiveZilla GmbH, Byk-GuldenStraße 22, 78224 Singen (www.livezilla.net/home/en/), which collects and saves anonymous data for web analysis and to provide a functional live chat system. An alias may be used to create user profiles using this data. Assuming the data includes personal information, it is processed in accordance with Art. 6, Sec. 1 (f) EU GDPR on the basis of our legitimate interest in effective customer support and the statistical analysis of user behaviour for optimisation purposes. Data collected via LiveZilla technologies is not used to identify the user personally without their express consent, and is not merged with the alias bearer’s personal data. You can object to the process of collecting and saving data in order to create a pseudonymous user profile with future effect at any time by sending an email to the address in the “About us” section of the website.

8. Use of personal data for direct marketing

If you provided us with your email address during the order process, we reserve the right to inform you of special offers for subscription extensions or products similar to the ones you already ordered by email. In accordance with § 7 sec. 3 UWG (German Unfair Competition Act, section on unreasonable nuisance), we do not require special permission for this. The data is processed exclusively on the basis of our legitimate interest in personalised direct marketing in accordance with Art. 6, Sec. 1 (f) GDPR. If you initially excluded your email address from being used for this purpose, you will not receive any such emails. You reserve the right to object to your email address being used for the reasons specified above with future effect by informing the responsible entity mentioned at the beginning. This will only incur the costs involved in transmitting the request at the basic rates. Your email address will not be used for advertising purposes effective immediately upon receipt of the objection.

9. Tools and Misc.

9.1 HERE
Our application uses HERE Maps (API) provided by HERE Global B.V., Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands („HERE”). HERE is a web service providing interactive maps that display geographical information visually. This service provides a map as well as all relevant map data, a route-planner and other map-related functions such as a location search. Even when accessing sub-pages that are connected to the HERE maps, information regarding your app use (such as the IP address) is sent to and recorded on HERE servers. The map is an essential part of our application and passing this data on, is in accordance with Art. 6, Sec. 1 (f) GDPR on the basis of legitimate interest. HERE’s privacy policy is available here: https://legal.here.com/en-gb/privacy.

9.2 Use of Youtube videos

We use the YouTube embedding function to display and play videos hosted by Youtube, which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The extended data protection mode is employed, which according to the provider means that user data is only collected if a user interacts with the video interface. In this case, Youtube cookies are employed to collect data about user behaviour. According to Youtube, this data is used to record video statistics, to improve the user experience and to prevent abuse. If you are logged into Google, any data will be allocated to your account on activating a video. If you do not want your activity to be associated with your YouTube user profile, you should log out beforehand. Google saves your data irrespective of whether you are logged in or not, in the form of usage profiles, and analyses them. This analysis is performed in accordance with Art. 6, Sec. 1 (f) EU GDPR on the basis of legitimate interest on the part of Google as regards implementing personalised advertising, market research and/or improving the design of their user interface in line with customer behaviour. You have the right to object to the generation of user profiles, but you have to contact YouTube to make use of it.

Irrespective of playback of embedded videos, accessing the website instigates a connection to the Google DoubleClick network, which may involve further data processing beyond our control. Google LLC based in USA is certified by the US-European privacy agreement Privacy Shield, which guarantees adherence to EU data protection regulations. More information can be found in Google’s Privacy Policy under: https://policies.google.com/privacy?

10. User rights

10.1. The effective data protection legislation guarantees individuals extensive access and intervention rights upon which we will elaborate below:

– Right of access in accordance with Art. 15 EU GDPR: In particular, you have the right to information as regards which personal data is processed and for what purpose, the categories of the processed data, the recipients or categories of recipients to whom the data was or is conveyed, the intended duration of the data retention and the criteria used to determine the duration of the data retention, the existence of the rights of rectification, deletion, limitation of processing, objection to processing, complaints to a regulatory authority, the origin of any data not collected by us, the existence of automated decision-making including profiling and, where applicable, detailed information on the logic involved and extent to which you were or are affected, as well as the intended goal, and your right to information as regards any guarantees if data is transferred to third countries in accordance with Art. 46 EU GDPR;

– Right to Rectification in accordance with Art. 16 EU GDPR: You have the right to demand inaccurate personal data be corrected, or missing data completed without undue delay;

– Right to deletion in accordance with Art. 17 EU GDPR: Assuming the conditions of Art. 17 sec. 1 EU GDPR apply, you have the right to demand deletion of your personal data. This right does not apply when processing is required in the name of exercising the right of freedom of expression and information, when it is legally required, when it is in the public interest or when it is required for the establishment, exercise or defence of legal claims;

– Right to restriction of processing in accordance with Art. 18 EU GDPR: you have the right to request restricted processing of your personal data, provided the accuracy of the contested data is verified, if the deletion of unlawful data is rejected and restricted data processing is requested instead, if the data is required on your part for the establishment, exercise or defence of legal claims after it has fulfilled its purpose for us, or if you have objected to processing on grounds related to your specific situation, and provided our legitimate interests have not yet been ruled to override yours;

– Notification obligation in accordance with Art. 19 EU GDPR: assuming you have exercised your rights to have your data corrected, deleted or restricted, we are obliged to inform any recipient of said data, unless this proves to be impossible or the procedure required to do so is considered disproportionate. You retain the right to be informed who said recipients are.

– Right to data portability in accordance with Art. 20 EU GDPR: you have the right to request any personal data we acquired from you in a structured, commonly used, machine-readable format for yourself or a responsible third party, provided this is technically possible.

– The right to withdraw consent as defined by Art. 7, Sec. 3 EU GDPR: you have the right to withdraw any consent given to process your data with future effect at any time. In this case we will delete the data in question immediately, provided there is no legal basis to retain it irrespective of consent. Withdrawal of consent will not affect the legality of consensual processing prior to withdrawal.

– Right to complaint in accordance with Art. 77 EU GDPR: You have the right to file a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. The complaint can be lodged in the member state of your residence or workplace, or the place where the breach has occurred, assuming you believe the processing of your personal data is in breach of EU GDPR.

10.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR DATA ON THE BASIS OF OUR LEGITIMATE INTEREST OVERRIDING YOUR OWN; YOU HAVE THE RIGHT TO OBJECT ON THE GROUNDS OF YOUR PERSONAL SITUATION AT ANY TIME WITH FUTURE EFFECT. IF YOU MAKE USE OF YOUR RIGHT TO OBJECTION, WE WILL NO LONGER PROCESS THE DATA IN QUESTION. NEVERTHELESS, WE RETAIN THE RIGHT TO CONTINUE PROCESSING THE DATA IF WE CAN PROVE COMPELLING LEGAL GROUNDS FOR DOING SO AND THESE OVERRIDE YOUR INTERESTS, BASIC RIGHTS AND BASIC FREEDOMS, OR IF PROCESSING THE DATA SERVES LEGAL CLAIMS OR ENFORCING OR EXERCISING THE LAW.

IF WE USE YOUR DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE USE OF YOUR PERSONAL DATA FOR SUCH PURPOSES AT ANY TIME. THIS OBJECTION CAN BE MADE AS DESCRIBED ABOVE.

IF YOU MAKE USE OF YOUR RIGHT TO OBJECTION, WE WILL STOP USING YOUR DATA FOR DIRECT MARKETING PURPOSES.

11. Duration of personal data retention

The period for which personal data is retained depends upon the law (for example, periods required by tax or commercial laws). Once this period has expired, the data will be deleted automatically, provided it is no longer required for contractual purposes, to initiate prospective contracts, and/or that there is no legitimate interest on our part to retain the data.


Download and print: