When using Leica FOTOS (“App”), we collect, process and use data. Since protecting the privacy of our users when using this App is important to us, we would like to inform you below about which personal data we collect and how we handle these data. Leica FOTOS of Leica Camera AG may contain links to websites of other providers to which the data protection statement does not apply.
1 RESPONSIBLE PARTY / CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The responsible party for the data processing regarding the Leica FOTOS App is Leica Camera AG, Am Leitz-Park 5, 35578 Wetzlar.
Data protection officer's e-mail address: email@example.com)
2 COLLECTION AND USE OF YOUR PERSONAL DATA
2.1 GENERAL USE OF THE SERVICE
When using the App, we collect and store certain data automatically. This includes: the IP address or device ID assigned to the respective end user device, which we require for the transmission of requested content (e.g. in particular content, texts, images and product information as well as files made available for download, etc.), the type of end user device, and operating system used and the date and time of use.
This data processing takes place in order to facilitate the use of the App.
We hold this information for a maximum of one month for the purpose of recognizing and pursuing misuse.
Aside from this, we delete or anonymize these usage data, including the IP addresses, without undue delay as soon as they are no longer needed for the above mentioned purposes.
The processing of the data is carried out on the basis of legal provisions which authorise the data processing because it is necessary for the provision of the App to the user (Art. 6 para. 1(b) GDPR), or because we have a legitimate interest in safeguarding the security and functionality of our App as well as its proper use without the affected data subjects having an overriding interest (Art. 6 para. 1(f) GDPR).
The App may contain links to websites of other providers to which the data protection statement does not apply.
Provided you have given your consent we will process your location data for geotagging purposes. These location data are added to your photos’ metadata when you take them with your camera connected to the Leica FOTOS app and allow you to track where your photos were taken.
The legal basis for the processing is your consent (Article 6 para. 1(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your general location data preferences or by revoking the respective app level permission for the Leica FOTOS app on your mobile device in the settings menu.
Withdrawing your consent is without prejudice to the lawfulness of the processing effectuated through the date of your withdrawal. Kindly note that location data already added to your photos’ metadata will remain unaffected by any future changes of your location data preferences. These data will only be erased, when you delete the photo from the Leica FOTOS app gallery.
Furthermore, we advise you of the following: Based on your geotagging/location data preferences, location data is collected even when the Leica FOTOS app is closed or not in use. You can manage your location data preferences in the settings menu as described above.
Neither by law nor by contract are you required to provide your location data. However, it is necessary that you provide your location data, so that we can provide you with the geotagging function. If you do not allow us to access your location data, we will be unable to provide this function.
2.3 CONTACT AND SERVICE INQUIRIES
You can send us general contact inquiries or specific service inquiries by using our App. By doing so your e-mail address will be forwarded to us. When contacting us, you can decide which additional data you will provide to us (e.g. the content of the message).
We process your data in order to answer your inquiries. The processing of the data is carried out on the basis of legal provisions which authorise the data processing because it is necessary in order to process your inquiry (Art. 6 para. 1(b) GDPR).
After final answering of your inquiry, we delete your inquiry with a period of three years after the end of the respective calendar year.
2.4 USAGE OF COOKIES
Persistent cookies store information which may contain personal data from your mobile device. These can for example include the following information: your anonymised IP address, the type of your device, the domain, the browser type and the language used, the operating system, the county and time zone or information about an interaction with our App, such as click behaviour, purchases and preferences.
To maintain a login session, we use so-called session cookies. Session cookies are small information units in which randomly generated identification number, the so-called session ID, is stored. In addition, a session cookie stores information about its origin and the storage period. These cookies cannot store any other data. If you close the App, the session cookies used will be deleted.
The processing of the data is carried out on the basis of legal provisions which authorise the data processing because it is necessary for the intended and comprehensive provision of the App and the functionalities offered thereon (Art. 6 para. 1(b) GDPR).
2.5.1 User profiles
When using our App, we set up user profiles using cookies for the purpose of advertising, market research or a demand-oriented design of our App. We only use usage data based on pseudonyms. These are in particular features to identify the user (pseudonym) and information about the beginning, the end and the scope of the use of our App.
You can prevent storing of tracking data by switching the button “Allow app usage reports” to off in the App settings. If you do not accept cookies, however, this can lead to functional restrictions of our services.
The processing of the data is carried out on the basis of legal provisions which authorise the data processing because we have a legitimate interest regarding a demand-oriented design as well as the statistical evaluation of our App and the fact that your legitimate interests do not override (Art. 6 para. 1(f) GDPR, Sec. 15 para. 3 TMG).
2.5.2 Google Analytics for Firebase and Crashlytics
We use Google Analytics for Firebase and Crashlytics in our App, anapp analysis service of Google Inc. ("Google"). Google Analytics for Firebase and Crashlytics uses so-called "cookies", i.e. text data files which are stored on your end device and enable an analysis of how you use the App. The information produced by the cookies with regard to your use of this App (including your IP address) is normally transmitted to a server of Google in the USA and stored there. This transmission of data takes place on the basis of a corresponding EU-US privacy shield certification of Google which can be seen at the following address: http://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
Google uses this information on our behalf for the purpose of analysing your use of the App, compiling reports about the App activities and additional services for us involved with the use of the App and the internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.
You can deactivate Google Analytics for Firebase and Crashlytics and prevent storing of tracking data by switching the button “Allow app usage reports” to off in the App settings. If you do not accept cookies, however, this can lead to functional restrictions of our services.
The processing of the data is carried out on the basis of legal provisions which authorise the data processing because we have a legitimate interest regarding a demand- oriented design, the statistical evaluation of our App as well as the efficient advertising of our App and the fact that your legitimate interests do not override (Art. 6 para. 1(f) GDPR, Sec. 15 para. 3 TMG).
We use technologies of Amplitude Inc. (www.amplitude.com) to collect and store data for the purpose of marketing and optimization. Amplitude allows us to collect information about your use of our App (e.g. scrolls and touches in our App, including your IP address) and thereby to evaluate and optimise the design of our App. These data are used to create pseudonymous user profiles. For this purpose cookies and other tracking technologies are used. However, user profiles are not merged with data about the bearer of the pseudonym without his or her express consent.
The user can object to the collection and processing of the data for the purpose of app analysis and the creation of user profiles byswitching the button “Allow app usage reports” to off in the App settings.
The processing of the data is carried out on the basis of legal provisions which authorise the data processing because we have a legitimate interest regarding a demand-oriented design, the statistical evaluation of our App as well as the efficient advertising of our App and the fact that your legitimate interests do not override (Art. 6 para. 1(f) GDPR, Sec. 15 para. 3 TMG).
2.6 EMBEDDED VIDEOS IN OUR APP
Our App uses embedded videos from the vimeo.com site operated by Vimeo, Inc. and YouTube, LLC, operated by youtube.com. Operator of the App is respectively Vimeo, Inc. 555 West 18th Street New York, New York 10011, USA ("Vimeo") or YouTube, LCC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). If you click on an embedded video , a connection to the Vimeo or YouTube servers is established. The respective Vimeo or YouTube server is informed of our App you have visited.
If you are logged into your Vimeo or YouTube account, you allow Vimeo or YouTube to associate your surfing behaviour directly with your personal profile.
3 DISCLOSURE OF DATA
A disclosure of your personal data without your express prior consent occurs, in addition to the other instances mentioned in this data protection statement, only in the following cases:
- Personal data will be disclosed to criminal prosecution authorities as well as, if necessary, harmed third parties if necessary to investigate illegal or abusive use of the App. However, this only occurs if there are specific indications for illegal use or misuse. A disclosure can also take place if this serves to enforce the terms and conditions for the use of the App or other agreements or if necessary, to assert, exercise or defend legal claims. Our legitimate interest for the processing is safeguarding the proper functioning of our App and to assert, exercise or defend legal claims, as the case may be.
- We are also required by law to provide information to certain governmental agencies. These are the criminal prosecution authorities, public authorities that prosecute administrative misdemeanors sanctioned with fines and the tax authorities.
- We may have to rely on third party companies and external service providers under contractual relationships which may be located outside the EU or the EEA in order to provide our service, for example, for our customer service or the hosting of the App. In such situations, information will be disclosed to these companies or individual persons, in order to permit the further processing. We carefully select these external service providers and regularly examine them in order to make sure that your privacy is preserved, and the data can only be used for the purposes determined by us. They are also obligated under contracts with us to treat your data exclusively in accordance with this data protection statement as well as the German laws on data protection. To the extent a party outside the EU or the EEA is involved, we make sure that there is an adequate level of data protection, for example, by concluding corresponding contracts or using certifications of the respective recipient that keeps the data.
- During the course of the further development of our business, it is possible that the structure of our company will change by changing the legal form, establishing, purchasing or selling subsidiaries, company divisions or parts of the company. In case of such transactions, the customer information is passed on together with the part of the business which is transferred. We make sure in the case of each disclosure of personal data to third parties as described above that this takes place in accordance with this data protection statement and applicable data protection laws.
4 RIGHTS OF THE DATA SUBJECT
You have the right to obtain information at any time about the data stored about you. You may also be entitled to the following rights in case the respective requirements are met:
- Right to rectification: You have the right to have false personal data concerning you be corrected.
- Right to erasure: You may also request the deletion of your personal data, for example if your data are no longer required for the purposes for which they were collected or otherwise processed.
- Right to restriction of processing: You also have the right to request that the processing of your personal data be restricted; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data between you and us is debated.
- Right to data portability: If we process your personal data to fulfil a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, commonly used and machine-readable format, provided and to the extent that you have made the data available to us.
According to Art. 21 para. 1 GDPR, you may additionally object to data processing on grounds relating to your particular situation. However, this only applies in such cases in which we process data to fulfil a legitimate interest of Leica Camera AG or a third party. If you can state such a ground and we cannot assert a compelling interest worthy of protection in the further processing, we will not process these data for the respective purpose.
This does not affect the other rights of objection described in this data protection statement.
If you wish to have information about your stored personal data, enforce your other rights or if you have questions about how we protect data, you can contact us either by mail (Leica Camera AG, Am Leitz-Park 5, 35578 Wetzlar) or by E-Mail via firstname.lastname@example.org. After final answering of your inquiry, we delete your inquiry with a period of three years after the end of the respective calendar year.
You also have the right to file a complaint at any time with a supervisory authority, in particular a supervisory authority in the Member State where you are staying, working or the place of alleged infringement, if you believe that the processing of personal data concerning you is in violation of applicable data protection laws.
5 DELETION OF DATA
Unless otherwise described in this data protection statement, we will only store your personal data for as long as it is necessary to achieve the purposes stated herein or within the framework of a statutory storage period; in the latter case, we will block your data for other processing.
6 AMENDMENTS TO THIS DATA PROTECTION STATEMENT