Privacy policy

updated on 21.03.2020

1) General information and scope of application

We, Nebelflucht GmbH ("we ", "our " or "us ") collect, process and use personal data of users ("users ", "your " or "you ") only in compliance with the existing data protection regulations. The legal framework for data protection is provided by the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The protection of personal data is an important concern for us. In the following, you will learn which personal data can be created in which way in the TotoGo app ("app") or by using our services and how you maintain control over your data.

1.1 We act upon the principle of thrift data

We collect, process and use data according to the principle of thrift data. The submission of personal data in the app is voluntary and is limited exclusively to the purpose-related scope. We store personal data in accordance with the principles of data avoidance and thrift of data only as long as it is necessary or legally prescribed.

If the purpose ceases to apply and there is no obligation to retain data, we will block or delete the data in due time. Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is article 6 (1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

1.2 You're in control of your data

You have the right at any time to delete your user account from within the app (in "profile" view). With this action all personal data will be irrevocably deleted, unless they are required for the performance of an existing contract or are subject to the legal obligation to retain data. If technically necessary, personal data will be anonymised instead of deleted.

You have the right at any time to free information about the personal data stored by us. A corresponding contact is available to you for these purposes:

Nebelflucht GmbH
Gerichtstr. 12-13, Aufgang 6
Berlin, 13347
info@toto.io

1.3 Encrypted data transmission

The app uses SSL encryption for security reasons and to protect the transmission of personal data and other confidential content.

2) Areas of application for personal data

2.1 Logging information

When the app accesses Toto's services, information is automatically stored on our servers. This information is of a general nature and cannot be traced back to you personally. These so-called log files contain the following information:

  • date
  • amount of data
  • operating system
  • domain name of your internet provider
  • IP address

This data is exchanged through every communication between devices on the Internet. The collection of the data is therefore absolutely necessary.

We reserve the right to subsequently check any log files that have arisen in the event of suspicion of illegal use of the offer. If necessary, we can also use this data to optimise our offer or for our own statistical purposes.

2.2 Cookies

The app uses so-called cookies; text files that are stored on your device. These are only used to authenticate you as a user and do not contain any personal data.

2.3 Contact

If you contact us through the contact options offered, your data will be stored for a period of six months so that it can be used to process and answer your enquiry and in the event of follow-up questions. This data will not be passed on to third parties.

2.4 Analyse services

We do not use analysis services such as Google Analytics.

2.5 Toto specific data processing

The app allows you as a user to consume content hosted on Toto. The data generated during use is stored and can be viewed by the authors for evaluation purposes. Your related usage data will be saved as long as the corresponding contents are kept public.

The processing of Toto specific data is the core of Toto and is therefore carried out in accordance with article 6 (1)(f) GDPR.

2.5.1 User account data

In the registration process we collect your email address. Optionally you can upload an avatar.

2.5.2 User data

Each of your content-specific interactions generates a log entry that can be viewed by the authors.

When you team up with other users, they will also receive information about your actions.

2.5.3 Device data

The app uses different services of your device.

Camera

The camera is used to scan QR codes and take photos for creating user input (e.g. profile pictures). This data is stored on our servers.

Within iOS and Android (version 6 or higher) you can control access to the camera in the app settings.

Geolocation

Geolocation is used to show you your current position on the map or to display location-specific content. With every request for this content, which you as a user have to execute manually, the app transmits your location data to our servers, where it is evaluated and stored in relation to the usage history.

Within iOS and Android (from version 6) you can control the access to the geolocation in the app settings.

Compass / device orientation

The device orientation along the x, y and z axes (rotation around all device axes) is used to show you the "viewing direction" on the map. This information remains on your device and is not shared with our servers or third party service providers.

Local files / media

Read access to local files or media is used to create user input (e.g profile pictures). This data is stored on our servers.

Within iOS and Android (from version 6) you can control the access to local files / local media in the app settings.

2.6 Services and contents of third party providers

The app also includes services of third parties.

2.6.1 Social-Media-Plugins

The app uses the embedding function for media, interactive contents of the following third party providers:

  • YouTube (operator: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), privacy policy
  • Vimeo (operator: Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA), privacy policy
  • SoundCloud (operator: SoundCloud Limited Rheinsberger Str. 76/77 10115 Berlin, Deutschland), privacy policy
  • MixCloud (operator: Mixcloud Limited, 447 - 453 Hackney Road, London, E2 9DY, UK), privacy policy

You have to activate the embedding by tapping on the button "show". A corresponding note will inform you about the exchange of data with the third party provider. Activation represents your explicit consent to this data exchange.

When you request this data, your IP address (personal data) is sent to the provider's servers. The provider also uses cookies to collect information about user behaviour. We have no influence on the extent to which this information is stored and processed by the provider.

Google LLC and Vimeo Inc. are certified for the EU-U.S. Privacy Shield Agreement, which ensures compliance with data protection standards applicable in the EU.

For more information about the scope, nature and purpose of data processing and about rights and privacy settings please refer to the links above to the relevant privacy statements.

2.6.2 Other contents from third party providers

The app also uses content from the following third-party providers:

  • CartoDB (operator: CartoDB Inc., 201 Moore St Brooklyn, NY 11206, USA), privacy policy

When you request this data, your IP address (personal data) is sent to the provider's servers. We have no influence on the extent to which this information is stored and processed.

CartoDB Inc. is certified for the EU-U.S. Privacy Shield Agreement, which ensures compliance with data protection standards applicable in the EU.

For more detailed information about the scope, type and purpose of data processing and about rights and setting options to protect your privacy, please refer to the links listed above to the corresponding privacy policies.

3) Reservation of changes

Technology is subject to constant change. We try to check innovations and updates of existing applications for their compatibility with the legal requirements. This may also mean that we must constantly change or expand our privacy policy. We therefore reserve the right to change our data protection declaration. The new data protection declaration will then take effect the next time you use our services.