Personal data is processed in accordance with the GDPR. It is only processed after the user has given consent for this by accepting this privacy policy. The only exception is the case where processing of data is legally allowed without the user given consent. This can for example be the case when the processing is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.
Any user related data is deleted shortly after the purpose for storage does not apply anymore. Data is also deleted in case a legal obligated storage period exceeds except when further storage is necessary by another legal obligation or for the performance of a contract in which the user is a participant.
Leif Both
Moritzstraße 37
44807 Bochum
Germany
Phone: +49 15206596155
E-Mail: leif.both@leifhacks-apps.com
The app requires some permissions to work properly.
A core functionality of the app is to request data via the internet. This requires the corresponding permission for internet connectivity.
The app offers the possibility to purchase a premium version of the app with additional functionalities. For this, it requires the corresponding permission for in-app purchases.
The user is able to create a support ticket via the app. In order to be notified via push notifications in case of a response to the ticket, the user can grant the corresponding permission for push notifications. If the permission is not granted, no notification is sent to the user's device.
The user can create a photo to use the AR function, which allows a generated tattoo to be placed on a photographed body part. To do this, the user can grant the corresponding permission for camera access. If permission is not granted, no photos can be taken and the AR function cannot be used.
Any information about tattoos in the "My Tattoos" collection or created photos are stored on the device.
Processing of above described data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.
Storing data on the device is required so it is available permanently (e.g. after restarting the device). This is mandatory for the app to work.
All processed data is stored as long as the app is installed or the user manually removes the data via the device's storage settings.
Any processed data stored on the device can be removed anytime via the device's storage settings or by uninstalling the app.
Search requests can be used to find tattoos online. Generation Requests let the user generate custom tattoo designs.
Search requests & generation requests are sent to the app server. No data beyond that specified in X. and XI. is stored.
Above mentioned personal data is only processed after the user has given consent.
See IX. and X. for more details.
See IX. and X. for more details.
See IX. and X. for more details.
In the scope of in-app purchases the Google Play Store (for the Android app) or App Store (for the iOS app) are processing data. This covers especially data related to electronic payment. The data is processed locally by the app and stored on the device.
Further information on Google resp. Apple and privacy can be found here:
https://policies.google.com/privacy
https://www.apple.com/legal/privacy/
Purchase details are furthermore sent to the app server. This includes purchase id, product id, status and date of purchase but no data related to electronic payment
Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.
Processing of above mentioned data is responsible to verify in-app purchases as well as the determination which contents have been bought in order to provide them adequately to the customer.
Further information on the storage time can be found on the Privacy Page of Google resp. Apple:
https://policies.google.com/privacy
https://www.apple.com/legal/privacy/
The data stored on the app server is deleted in case they are not necessary for the initial purpose anymore.
The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.
After the app’s installation a random token is generated which is uniquely identifies the current installation of the app. This token is necessary to receive push notifications or to associate other data with the device.
Push notifications are send by the app's Server to the Google Firebase servers in order to forward them to the associated device. Firebase is used as a transmitter only and cannot make any conclusions about the user. For further information about Google Firebase & Privacy please refer to:
https://policies.google.com/privacy
Token, device language, operating system (Android/iOS) as well as settings for push notifications (e.g. time of desired notifications) are sent to the server and stored so that notifications can be delivered as desired.
Above mentioned personal data is only processed after the user has given consent.
Processing of above mentioned data is required to deliver push messages correctly.
Further information on the storage time can be found on the Privacy Page of Google:
https://policies.google.com/privacy
The user can deny the permission to send notification.
Support tickets created by the user as well as the message history are stored on the app server. In addition, device related data is stored in case permission for this is granted by the user. This includes the used Firebase Cloud Messaging Token or purchase information. This data is not stored together with other user related data like mail address or user name.
Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.
The temporary storage of support tickets is required to allow replying to the requests. Device related data is required to identify potential errors and bugs. They are NOT used for marketing purposes.
The data is deleted in case they are not necessary for the initial purpose anymore.
The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.
Some user interactions are processed on the app server. This contains information about consent to this privacy policy, app openings, onboarding activities or pricing page accesses. Besides the Firebase Cloud Messaging Token no personal data is processed and stored for this purpose.
Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.
The processing and storage of the data described above is necessary to securely prove the purchase of in-app products or the consent of the user.
The data is deleted in case they are not necessary for the initial purpose anymore.
The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.
The “TattooInk – Tattoo Designs App” Server stores anonymized data about access into log files. The following data is logged:
- Date and time of the access
- On requesting this privacy policy in the browser: used browser and OS, used device
- Used IP
This data is not stored together with other user related data. The user’s IP is anonymized for long term storage.
Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.
The temporary storage of the full IP address for the current session is mandatory in order to deliver the requested data to the user’s device.
The log files are stored in order to ensure the functionality of the server. They are used to identify potential errors and bugs, for optimization purposes and to ensure the security of the IT system. They are NOT used for marketing purposes.
The data is deleted in case they are not necessary for the initial purpose anymore. In case of session data this is the case after the session has ended. Log files are deleted after 14 days at the latest.
The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.
The “TattooInk – Tattoo Designs App” server is hosted by Netcup GmbH. The server is located in Germany. Netcup may store data about server accesses.
More information about Netcup and privacy can be found here:
https://www.netcup.de/kontakt/datenschutzerklaerung.php
Processing of data is a legitimate interest of the data controller and this interest is not overridden by rights, interests or freedom of the user.
Information on the purpose of data processing can be found on Netcup's privacy page:
https://www.netcup.de/kontakt/datenschutzerklaerung.php
You can find information about the duration of storage on Netcup's privacy page:
https://www.netcup.de/kontakt/datenschutzerklaerung.php
The processing of above mentioned data is mandatory. Thus, there is no possibility for objection.