TripTastic

Partners

About

FAQ

TripTastic

Privacy

I. General information

1. Responsible party

The original language of the Privacy policy is German. The English translation on our website is provided for informational purposes only and the wording of the original document is binding in all respects.

We, TripTastic GmbH, take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency about the processing of personal data. Only if you are sufficiently informed about the purpose, nature and scope of the processing, the processing is comprehensible for you as a data subject. Our privacy information therefore explains in detail what personal data is processed by us when you use our website (www. triptastic.guide) and external pages as well as our app (TripTastic), and the associated software solutions, services and functions (hereinafter collectively "Services") (for definitions, see I.2.), unless otherwise specified below. The responsible party within the meaning of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG), and other data protection regulations is the


TripTastic GmbH
Hirschstr. 7
76133 Karlsruhe
+49 (721) 170 291 981
hello@triptastic.guide

Hereinafter referred to as the "responsible party" or "we". We have not appointed a data protection officer. Please note that links on our website and in our app may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.

2. Definitions

From the General Data Protection Regulation (DSGVO)
This privacy policy uses the terms of the legal text of the General Data Protection Regulation (DSGVO). You can view the definitions (Art. 4 DSGVO), for example, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679. For the definition of health data, please refer to Art. 4 No. 15 of the GDPR. If other special categories of personal data are processed, you will find the explanations in Art. 4, 9 (1) DSGVO. If the processed data is personal data about criminal convictions and criminal offenses, you will find the information on this in Art. 10 DSGVO.


Additional definitions:

Cookies and similar technologies:
Cookies are text files that are stored or read by a website on your end device. They contain combinations of letters and numbers in order, for example, to recognize the user and his settings when he reconnects to the website that set the cookie, to enable him to remain logged in to a customer account or to statistically analyze specific usage behavior.


The WebStorage technique allows variables and values to be stored locally in the user's browser cache. The technology includes both the so-called "sessionStorage", which remains stored until the browser tab is closed, and the "localStorage", which is stored in the browser cache until the cache is cleared by the user. The localStorage technique makes it possible, among other things, to recognize the user and his or her settings when our website is called up.
The Advertising ID (on Apple devices: "Identifier for Advertisers", abbreviated to "IDFA"; on Android devices: "Android Advertising ID", abbreviated to "AAID") is an individual device-related alphanumeric string ("digital license plate"). This digital number plate is used for pseudonymized device fingerprinting and tracking of end devices (e.g. smartphones). The identification can serve various purposes and is used, for example, to enable personalized advertising.


Data categories:

When we specify the categories of data processed, we are referring in particular to the following data: master data (e.g., names, addresses, dates of birth), contact data (e.g., e-mail addresses, telephone numbers, messenger services), content data (e.g., text entries, photographs, videos, contents of documents/files), contract data (e.g., subject matter of contract, terms, customer category), payment data (e.g., bank details, payment history, use of other payment service providers), usage data (e.g.. e.g. history on our website/app, use of certain content, access times, contact or order history), connection data (e.g. device information, IP addresses, URL referrer, device, advertising or user ID), location data (e.g. GPS data, IP geolocation, access points); diagnostic data (e.g. crash logs, performance data of the website/app, other technical data for analyzing faults and errors).
Data categories in the Apple "App Store"
Apple requires certain data categories for inclusion in the App Store. For this purpose, Apple has developed its own data categories (see https://developer.apple.com/app-store/app-privacy-details/#data-type-usage). In the table below, you will find an assignment of the data categories specified by Apple to the data categories mentioned above (according to the principle: Apple data category - data category(ies) explained above):

I. General information

1. Responsible party

The original language of the Privacy policy is German. The English translation on our website is provided for informational purposes only and the wording of the original document is binding in all respects.

We, TripTastic GmbH, take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency about the processing of personal data. Only if you are sufficiently informed about the purpose, nature and scope of the processing, the processing is comprehensible for you as a data subject. Our privacy information therefore explains in detail what personal data is processed by us when you use our website (www. triptastic.guide) and external pages as well as our app (TripTastic), and the associated software solutions, services and functions (hereinafter collectively "Services") (for definitions, see I.2.), unless otherwise specified below. The responsible party within the meaning of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG), and other data protection regulations is the


TripTastic GmbH
Hirschstr. 7
76133 Karlsruhe
+49 (721) 170 291 981
hello@triptastic.guide

Hereinafter referred to as the "responsible party" or "we". We have not appointed a data protection officer. Please note that links on our website and in our app may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.

2. Definitions

From the General Data Protection Regulation (DSGVO)
This privacy policy uses the terms of the legal text of the General Data Protection Regulation (DSGVO). You can view the definitions (Art. 4 DSGVO), for example, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679. For the definition of health data, please refer to Art. 4 No. 15 of the GDPR. If other special categories of personal data are processed, you will find the explanations in Art. 4, 9 (1) DSGVO. If the processed data is personal data about criminal convictions and criminal offenses, you will find the information on this in Art. 10 DSGVO.


Additional definitions:

Cookies and similar technologies:
Cookies are text files that are stored or read by a website on your end device. They contain combinations of letters and numbers in order, for example, to recognize the user and his settings when he reconnects to the website that set the cookie, to enable him to remain logged in to a customer account or to statistically analyze specific usage behavior.


The WebStorage technique allows variables and values to be stored locally in the user's browser cache. The technology includes both the so-called "sessionStorage", which remains stored until the browser tab is closed, and the "localStorage", which is stored in the browser cache until the cache is cleared by the user. The localStorage technique makes it possible, among other things, to recognize the user and his or her settings when our website is called up.
The Advertising ID (on Apple devices: "Identifier for Advertisers", abbreviated to "IDFA"; on Android devices: "Android Advertising ID", abbreviated to "AAID") is an individual device-related alphanumeric string ("digital license plate"). This digital number plate is used for pseudonymized device fingerprinting and tracking of end devices (e.g. smartphones). The identification can serve various purposes and is used, for example, to enable personalized advertising.


Data categories:

When we specify the categories of data processed, we are referring in particular to the following data: master data (e.g., names, addresses, dates of birth), contact data (e.g., e-mail addresses, telephone numbers, messenger services), content data (e.g., text entries, photographs, videos, contents of documents/files), contract data (e.g., subject matter of contract, terms, customer category), payment data (e.g., bank details, payment history, use of other payment service providers), usage data (e.g.. e.g. history on our website/app, use of certain content, access times, contact or order history), connection data (e.g. device information, IP addresses, URL referrer, device, advertising or user ID), location data (e.g. GPS data, IP geolocation, access points); diagnostic data (e.g. crash logs, performance data of the website/app, other technical data for analyzing faults and errors).
Data categories in the Apple "App Store"
Apple requires certain data categories for inclusion in the App Store. For this purpose, Apple has developed its own data categories (see https://developer.apple.com/app-store/app-privacy-details/#data-type-usage). In the table below, you will find an assignment of the data categories specified by Apple to the data categories mentioned above (according to the principle: Apple data category - data category(ies) explained above):

DATA CATEGORY APPLE STORE

DATA CATEGORY APPLE STORE

Contact Information:
Name (e.g., first and last name); Email address (In clear and hashed form); Phone number (In clear and hashed form); Address (including, but not limited to, city of residence, shipping address); Other user contact information (any data that allows the user to be contacted outside of the app).

Master data, contact details

Health and fitness: Health (health data and medical data); fitness (fitness and exercise data).

Content data, usage data, health data within the meaning of Art. 4 No. 15 GDPR

Financial Information:  Payment information (type of payment, credit card information, bank information); Credit information (credit score data); Other financial information (health data and medical data).

Payment information

Location: Exact location (information about the user's or device's location via latitude and longitude, with a minimum resolution of three or more decimal places); Coarse location (information about the user's or device's location with a lower resolution than for the exact location; e.g., "Approximate Location Service).

Locations

Sensitive Information: Racial or ethnic origin data; sexual orientation, pregnancy or childbirth information, disability; religious or ideological beliefs, union membership, political opinion, genetic information or biometric data.

Data from which special categories of personal data within the meaning of Article 9 (1) of the GDPR can be derived directly or indirectly (e.g. master data, content data, usage data, depending on the specific facts)

User content: emails and text messages (subject line, sender, recipients of emails and other messages); photos or videos (photos and videos of the user); audio data (voice and sound recordings of the user); gameplay content (e.g., user-generated content); customer support (data generated by the user during a support request); other user content.

Content data, usage data

Browsing history: Information about content the user has viewed that is not part of the app (e.g. websites).

Content data, usage data

Search history: Information about searches in the app

Content data, usage data

Identifiers: User identifier (e.g., screen name, account ID, assigned user ID, customer number, or other ID); Device ID (e.g., the device's advertising identifier or other device-level ID).

Contact information, connection data

Purchases: Purchases or buying tendencies of an account or an individual.

Master data, contact information, content data, usage data (depending on the facts of the case)

Usage data: Interaction with the App (including launching the App, click and scroll behavior, other information about interaction with the App); Advertising Data (information about the advertisements the user has seen); Other Usage Data (other data about the user's usage activities in the App).

Usage data, possibly content data (depending on the facts)

Diagnostic data: Crash data (e.g., crash logs); Performance data (e.g., startup time, hang rate, or endpoint power consumption); Other diagnostic data (other data collected for measurement and technical diagnostics related to the app).

Diagnostic data

Other data: Other data that cannot be assigned to any of the above categories.

Generally, the data is assigned to the named data categories. In individual cases, you may find more specific information on the data categories below.

3. Data processing information

We process personal data only to the extent permitted by law. Personal data is only passed on in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption). Unless we are required by law to store or disclose personal data to third parties (in particular law enforcement agencies), the decision as to which personal data we process and for how long, and the extent to which we disclose it, depends on which functions of the website you use in each individual case.

4. Duration of storage

The personal data will be deleted as soon as the purpose of the processing ceases to apply or a prescribed storage period expires, unless there is a necessity for the continued storage of the personal data for the conclusion or fulfillment of a contract.

5. Automated decisions in individual cases including profiling

Automated decisions in individual cases, including profiling, do not take place.

6. Rights of data subjects

As an affected person, you have the right to information according to Art. 15 (DSGVO), the right to correction according to Art. 16 (DSGVO), the right to deletion according to Art. 17 (DSGVO), the right to restriction of processing according to Art. 18 (DSGVO) and the right to data portability according to Art. 20 (DSGVO). With regard to the right to information and the right to erasure, the restrictions from §§ 34, 35 BDSG apply.
You have the right to complain to a data protection supervisory authority (Art. 77 (DSGVO) in conjunction with Section 19 of the BDSG).
The data protection supervisory authority responsible for us/ for our head office is:

Baden-Württemberg
Königstraße 10a
70173 Stuttgart

However, you are free to complain to another data protection supervisory authority.
You can find a list of supervisory authorities at: https://www.bfdi.bund.de/ (under Infothek/Addresses and Links).

7. Notification obligations of the responsible party

We will notify all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or restriction of processing in accordance with Articles 16, 17(1) and 18 of DSGVO, unless such notification is impossible or involves a disproportionate effort. We will inform you of the recipients if you request this.

8. Obligation to provide

Unless otherwise explained below in the information on the legal basis, you are not obliged to provide personal data. In the cases of Art. 6 paragraph 1 letter b of the General Data Protection Regulation (DSGVO), however, the personal data is necessary for the performance of a contract or for the conclusion of a contract. If you do not provide the personal data concerned, the performance or conclusion of the contract is not possible. If you do not provide the data in the cases of Art. 6 (1) a, f of DSGVO, it is not possible to use the affected parts of our website.
In order to make use of the services and functions of our app explained here, access rights to the following interfaces, device functions and data of your end device may be required:

-Location services (location data)
-Motion & Fitness
-Tracking (Advertising ID)

You are not required to grant the permissions. However, use of the services and functions is then not possible or only possible to a limited extent.

9. Right of objection and withdrawal of consent

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) of the General Data Protection Regulation (DSGVO). If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. In accordance with Art. 7 (3) p. 1 DSGVO, you have the right to revoke your consent at any time with effect for the future informally by mail or e-mail. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this. Upon your revocation, we will delete the personal data processed on the basis of the consent if there is no other legal basis for its processing. Objection and revocation can be made form-free and should be directed to the contact details above. You can also stop the processing of personal data concerning you by deactivating the respective data processing services directly in the app settings. For this purpose, deactivate the option "Help TripTastic improve". However, this does not amount to a revocation as described above. The data collected up to this point will not be deleted in this case. Please also note that you must do this on every end device on which you have installed the app and consented to data processing.

II. Data processing in connection with the use of our app​

The use of the App and its functions regularly requires the processing of certain personal data.

Operation of our app "TripTastic"

Purpose of processing: Functionality and optimization of the app to provide the contractual service (integration of maps, retrieval of Wikipedia entries according to your interests and queries, processing of your location data to offer you the appropriate audio guide suggestions); ensuring the security of our information technology systems.
Legal basis: Art. 6 para. 1 lit. b, f DSGVO
Data categories: Connection data, usage data, location data and content data (depending on the type of usage).
Recipients of the data: Service providers for the integration of the required app functions (hosting, integration of maps, integration of voice output)
Intended third country transfer: USA and other third countries (based on the EU Commission's standard data protection clauses, Article 46(2)(c) DSGVO or, if applicable, on the basis of adequacy decisions (Article 45 DSGVO))
Do we store or read out personal data on your end device based on your consent? No.

Using the "Send feedback" and "TripTastic Insider Program" function

Purpose of processing: opening the possibility for users of our app to report problems with the app via email; improving the functionality and security of our app. Participation in the beta program of the app, as well as related contact via email.
Legal basis: Art. 6 para. 1 lit. f DSGVO
Data categories: Contact data, connection data, usage data, location data and content data (depending on the type of usage).
Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland
Intended third country transfer: On a case-by-case basis, USA and other third countries (based on the EU Commission's standard data protection clauses, Article 46(2)(c) DSGVO or, where applicable, on the basis of adequacy decisions (Article 45 DSGVO))
Do we store or read out personal data on your terminal device based on your consent? No

Adjust (analysis of app usage)

Purpose of processing: Statistical evaluation; optimization and needs-based design of our app based on your click and usage behavior. Sharing of usage data for advertising purposes (see "Personalized advertising"), provided you have given your consent for this.
Legal basis: Art. 6 para. 1 letter a DSGVO
Data categories: Usage data, connection data
Receiver of the data: Adjust GmbH. Saarbrücker Str. 37A 10405 Berlin; if applicable, advertising partners (see "Personalized advertising")
Intended third country transfer: In individual cases, USA (based on the standard data protection clauses of the EU Commission, Art. 46 para. 2 lit. c DSGVO)
Do we store or read out personal data on your end device based on your consent? Yes (reading of the advertising ID stored in the end device)

Personalized advertising

Purpose of processing: Optimization of our marketing activities by playing out personalized advertisements in selected advertising networks based on your pseudonymized recorded usage behavior (see "Adjust (analysis of app usage)" and "Google Firebase (Analytics)". For this purpose, we pass on the pseudonymized usage behavior and the advertising ID to our advertising partners.
Legal basis: Art. 6 para. 1 letter a DSGVO
Data categories:Usage data, connection data
Receiver of the data: Adjust GmbH. Saarbrücker Str. 37A 10405 Berlin; advertising partners (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (Facebook Ads), Apple Distribution International Ltd. ("ADI") Hollyhill Industrial Estate, Hollyhill, Cork, Ireland (Apple Search Ads), Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland (Google Ads), TikTok Technology Limited (Ireland), 10 Earlsfort Court Dublin 2 DUBLIN, D02 AK70 Ireland (TikTok Ads), Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07,Ireland (Twitter Ads)
Intended Third Country Transfer: For the serving of personalized advertising on a case-by-case basis, USA and other third countries (based on the EU Commission's standard data protection clauses, Article 46(2)(c) of the GDPR or, where applicable. on the basis of adequacy decisions (Article 45 DSGVO))
Do we store or read out personal data on your end device based on your consent? Yes (reading of the advertising ID stored in the end device)

Google Firebase (Analytics)

Purpose of processing: Statistical evaluation; optimization and needs-based design of our app based on your click and usage behavior. Sharing of usage data for advertising purposes (see Advertising partners (see "Personalized advertising"), provided you have given your consent for this.
Legal basis: Art. 6 para. 1 letter a DSGVO
Data categories: Usage data, content data, connection data
Receiver of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland; if applicable, advertising partners (see "Personalized advertising")Intended third country transfer: In individual cases, USA and other third countries (based on the EU Commission's standard data protection clauses, Article 46(2)(c) DSGVO or, if applicable, on the basis of adequacy decisions (Article 45 DSGVO)
Do we store or read out personal data on your terminal device based on your consent? No

Smartlook (analysis of app usage)

Purpose of processing: Statistical evaluation; Optimization and needs-based design of our app based on your click and usage behavior.
Legal basis: Art. 6 Para. 1 Letter a GDPR
Data categories: usage data, connection data
Data recipient: Smartlook.com, s.r.o., Šumavská 524/31, Veveří, 602 00 Brno, Czech RepublicIntended transfer to a third country: In the individual case the Czech Republic (based on the standard data protection clauses of the EU Commission, Art. 46 Para. 2 lit. c GDPR)
Do we store or read out personal data on your end device based on your consent? No

Google OAuth 2.0 (User Registration)

Purpose of processing: registration as a user in TripTastic using an existing Google account.
Legal basis: Art. 6 para. 1 letter a GDPR.
Data categories: Contact details
Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland.
Intended third country transfer: m individual case USA and other third countries (based on the EU Commission's standard data protection clauses, Article 46(2)(c) GDPR or, where applicable, on the basis of adequacy decisions (Article 45 GDPR)).
Do we store or read out personal data on your end device based on your consent? No

III. Data processing in connection with the use of our website

The use of the website and its functions regularly requires the processing of personal data.

Provision of the website

Purpose of processing: Functionality of the website, as well as ensuring the security of our information technology systems for purely informational use of our website.
Legal basis: Art. 6 para. 1 lit. f DSGVO
Data categories: Connection data
Receiver of the data: Webflow, Inc.398 11th Street, 2nd Floor San Francisco, CA 94103
Intended third country transfer: None
Do we store or read personal data on your terminal device based on your consent? No

Contact us (e-mail and contact form)

Purpose of processing: Processing of your contact request.
Legal basis: Art. 6 para. 1 letter f DSGVO; if applicable Art. 6 para. 1 letter b DSGVO (if it is a contract-related request)
Data categories: If applicable, master data, contact data, content data, if applicable, usage data, if applicable, contract data (depending on the type of request).Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland
Intended third country transfer: In individual cases, USA and other third countries (based on the EU Commission's standard data protection clauses, Article 46(2)(c) DSGVO or, if applicable, on the basis of adequacy decisions (Article 45 DSGVO))
Do we store or read out personal data on your terminal device based on your consent? No

Google fonts

Purpose of processing:To personalize our website by using fonts loaded from Google servers.
Legal basis: Art. 6(1)(f) DSGVO
Data categories: Connection data
Receiver of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland
Intended third country transfer: None
Do we store or read personal data on your terminal device based on your consent? No

IV. Data processing in connection with the use of our external sites

We operate the following external sites, the use of which regularly requires the processing of personal data.

Facebook

Purpose of the processing: We have set up a page about our company ("Facebook page") on the "Facebook" platform under the address https://www.facebook.com/triptastic.guide. When you access this page, Meta processes personal data from you. We receive statistics on the use of this page derived from this data.
Legal basis: Art. 6 para. 1 letter f DSGVO
Data categories: Master data, contact data, content data, usage data, connection data, location data if applicable.
Receiver of the data: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") (as joint controller, Art. 26 DSGVO - the essence of the agreement can be found at here.
Intended third country transfer: On a case-by-case basis, USA and other third countries (based on the EU Commission's standard data protection clauses, Art. 46(2)(c) DSGVO and based on adequacy decisions (Art. 45 DSGVO))
Do we store or read out personal data on your terminal device based on your consent? No
Data subject rights: Meta is responsible for implementing your data subject rights. Meta will inform you about your data subject rights at https://www.facebook.com/policy.php. You can also assert your rights against us; we will then forward your request to Meta immediately.

Instagram

Purpose of the processing: We have set up a profile about our company ("Instagram profile") on the platform "Instagram" at the address https://www.instagram.com/triptastic.guide. When you access this profile, Meta processes personal data about you. We receive statistics about the use of this page derived from this data.
Legal basis: Art. 6 para. 1 letter f DSGVO
Data categories: Master data, contact data, content data, usage data, connection data, location data if applicable.
Receiver of the data: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") (as joint controller, Art. 26 DSGVO - the essence of the agreement can be found at https://help.instagram.com/519522125107875)
Intended third country transfer: On a case-by-case basis, USA and other third countries (based on the EU Commission's standard data protection clauses, Art. 46(2)(c) DSGVO and based on adequacy decisions (Art. 45 DSGVO))
Do we store or read out personal data on your terminal device based on your consent? No
Data subject rights: Meta is responsible for implementing your data subject rights. Meta will inform you about your data subject rights at https://www.facebook.com/policy.php. You can also assert your rights against us, we will then forward your request to Meta immediately.

Twitter

Purpose of processing: We have set up a profile for our company ("Twitter profile") on the platform "Twitter" at the address https://twitter.com/triptastic_app. When you access this profile, Twitter processes personal data about you. We receive statistics on the use of this site derived from this data.
Legal basis: Art. 6 para. 1 letter f DSGVO
Data categories: Content data, usage data, location data if applicable
Receiver of the data: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07,Ireland (as joint controller, Art. 26 DSGVO - the essence of the agreement can be found at https://gdpr.twitter.com/en/controller-to-controller-transfers.html)
Intended third country transfer: On a case-by-case basis, USA and other third countries (based on the EU Commission's standard data protection clauses, Art. 46(2)(c) DSGVO and based on adequacy decisions (Art. 45 DSGVO))
Do we store or read out personal data on your terminal device based on your consent? No
Data subject rights: Twitter is responsible for implementing your data subject rights. Twitter will inform you about your data subject rights at https://twitter.com/en/privacy. You can also assert your rights against us, we will then forward your request to Twitter immediately.