Data Privacy HNGRY App
What does this privacy notice govern?
We attach great importance to the protection and security of your personal data. Therefore, we consider it vital to inform you in the following about which of your personal data we process for what purpose and what rights you have in respect of your personal data.
This data protection notice is subject to the DSGVO and any applicable data protection laws of Switzerland.
The HNGRY app
The HNGRY app is a shopping-list app in which you can create and edit your own shopping lists and share them with other HNGRY app users. The HNGRY app is intended to help you with your food planning. You can share the lists you created with friends and family at any time so you can better organize your shopping. The HNGRY app offers you a range of features such as the foods you buy the most frequently, the rhythm you consume them in and thus when you need to stock up on them again. Registration on the app is done via our HNGRY login or a Social Login from the providers Google, Facebook or Apple. We also offer you a guest login without any registration.
The xtraHNGRY storage
Products that you have marked as bought in your shopping list are automatically added to your storage. These are automatically assigned to the appropriate storage location you have at home and you will also receive information about how long they are likely to be fresh and in stock. If necessary, you can easily adjust the storage location and the expiration time *.
Our Smart Availability algorithm uses your usage history and smartly combines it with expert knowledge of food storage. Thanks to various sorting and filtering options *, you can find out more quickly what you still have at home, what is probably no longer in stock or edible and what you should buy again. With just one click * you can add products that need to be bought again to your shopping list.
Functions that are marked with * can only be used if you have subscribed to xtraHNGRY and are therefore subject to payment.
HNGRYnsite powered by Liebherr
The HNGRYnsite powered by Liebherr camera (hereinafter also referred to as “camera”) is a modular camera that can be integrated into all refrigerators. The camera enables you to display a current image of your visible refrigerator contents. The HNGRY app and a login to the HNGRY app is required to use the camera.
General information
What is personal data and what does processing mean?
- “Personal data”(hereinafter also referred to as “data”) is any information that says something about a natural person. Personal data is not only information that makes a direct reference to a specific person (such as the name or e-mail address of a person), but also information with which, given appropriate additional knowledge, a reference to a specific person can be made.
- “Processing” means any measures taken in relation to your personal data (such as the collection, recording, organisation, ordering, storage, use or deletion of data).
Who is the controller for the processing of your data?
The controller for the processing of your data is:
Liebherr-Hausgeräte GmbH
Memminger Straße 77-79
88416 Ochsenhausen
Deutschland
Telephone: +49 7352 928-0
E-mail: privacy.appliances@liebherr.com
How can you contact our data protection officer?
Our data protection officer can be reached using the following contact details:
Corporate Privacy
Liebherr-IT Services GmbH
St. Vitus 1
88457 Kirchdorf an der Iller
Deutschland
E-mail: datenschutz@liebherr.com
What rights do you have as a data subject?
Within the provisions of the legislation, as the data subject you have the right to:
- Information about your data;
- The correction of incorrect data and the completion of incomplete data;
- Deletion of your data, particularly if (1) it is no longer necessary for the purposes stated in this data privacy policy, (2) you withdraw your consent and there is no other legal basis for the processing, (3) your data has been unlawfully processed or (4) you have objected to the processing and there are no overriding legitimate grounds for the processing;
- Restriction of the processing of your data, particularly if the accuracy of the data is contested by you or the processing of your data is unlawful and instead of deletion you demand restriction of use;
- Object to processing of your data based on legitimate interests on grounds arising from your particular situation, or, without specific justification, to processing of your data carried out for direct marketing purposes; unless it is an objection to direct marketing, we ask that you explain the reasons why we should not process your data as we may do, when you lodge an objection. In the event of your reasoned objection, we will examine the merits of the case and cease processing unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;
- Receive your data in a structured, commonly used and machine-readable format and the right to have your information transferred by us directly to another controller;
- Withdraw consent, if you have given us consent for processing. Please note that the withdrawal of your consent shall not affect the legality of the processing carried out on the basis of your consent until the withdrawal.
If you seek to assert the above rights, kindly note that we may require you to provide proof to establish that you are the person who you say you are.
Furthermore, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data infringes the GDPR.
Links to other websites
Our app may contain links to and from websites of other providers not affiliated with us (“third parties”). After clicking on the link, we no longer have any influence on the processing of any data transmitted to the third party when the link is clicked (such as the IP address or the URL on which the link is located), as the behavior of third parties is naturally beyond our control. Therefore, we cannot assume any responsibility for the processing of such data by third parties.
Links to social networks and messenger services
Our app may contain links to share content from our app on various social networks and/or messenger services. The established links do not result in any data being transmitted to providers of social networks or messenger services while you are using our app. Only when you click on one of the links to share content from our app will data (such as your IP address or the URL on which the link is located) be transmitted to the respective provider of the social network or messenger service. We have no influence on further data processing by the respective provider of the social network or messenger service.
Data processing
Download and call of the HNGRY app
When the HNGRY app is downloaded or used on your mobile device, the app transmits the following data to our web servers, which we store in so-called log files:
What data do we process and for what purpose?
We process the following data:
- Your IP address
- Date and time of access to the HNGRY app
- Domain name of your internet access provider
- The type and version of browser used by you and the operating system used by you
- URL (address on the internet) of the website you were on at the time of the call-up
- The files you retrieve via the respective app (type of access, name of the retrieved file, URL of the retrieved file, success of the retrieval)
- The amount of data transferred to you when visiting the HNGRY app
We process this data in principle only for the purpose of ensuring stability as well as network and information security.
Processing for other purposes occurs only if the requisite legal conditions pursuant to Art. 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Art. 13(3) GDPR and Art. 14(4) GDPR.
On what legal basis do we process your data?
Processing for other purposes may only be considered if the necessary legal requirements pursuant to Article 6 para. 4 GDPR are met.
Our legitimate interests pursued are the improvement and maintenance of the stability or functionality and the security of our website.
You have the right to object, on grounds relating to your particular situation, at any time to processing based on Article 6 para. 1 point f GDPR.
Registration / Authentication of the HNGRY app
We collect the following data during registration and authentication within the HNGRY app:
What data do we process and for what purpose?
During registration and use without the use of a social login, we process the following data:
- Your unique identifier (UPN)
- The data you provided during the registration / authentication process
- IProtocol data such as registration date and date and time of the last successful login
During registration and use using an existing account with Apple, Facebook or Google (social login), we process the following data: Social login identifier and the social login provider
Notice: If you register with a social login from Apple, Facebook or Google, the social login provider sends us data in addition to a so-called unique identifier (UPN), such as your first and last name (all providers), your profile picture (Facebook) and the link to your Google Plus profile (Google), if you have activated this settings by the respective social login provider. We do not process this data for any purposes.
These data are in principle processed by us solely for the purpose of registration / authentication on our HNGRY app.
Processing for other purposes occurs only if the requisite legal conditions pursuant to Art. 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Art. 13(3) GDPR and Art. 14(4) GDPR.
On what legal basis do we process your data?
The processing of your data is carried out for the performance of a contract or in order to take steps prior to entering into a contract pursuant to Article 6 para. 1 point b GDPR.
Usage of the HNGRY app / of the xtraHNGRY storage
We collect the following data during use of the HNGRY app:
What data do we process and for what purpose?
We process the following data:
- Name of shopping lists, products/product categories
- Content of notes and product quantity and unit information
- Permissions for shared shopping lists
- Log information including for adding, amending, deleting (purchasing) products, shopping lists, notes, quantity and unit information, corrections
- Usage of the free text input in the product search box
- Usage of the Share button is pressed, Date and time of switching to other shopping lists, Date and time of when a shopping list was exited, Date and time of the change of the sort order of a shopping list
- Name of products entered
- Pictures / photos of the products
- Notice: The pictures / photos only represents personal data in connection with the metadata. In Accordance with our terms of use, you agree to transmit to the HNGRY app or take with the camera only pictures / photos of food and products that do not contain or present any personal data (e.g. name tags on food containers or pictures / photos of people) or sensitive personal images (e.g. medicines). You can find the terms of use here: https://iamhngry.com/en/terms
- Firebase token (identifier of the app)
We collect the following additional data during use of the xtraHNGRY storage:
- Storage profile (such as refrigerator, freezer, zero-degree zone, dry storage)
- Purchased products of a shopping list of the HNGRY App
These data are in principle processed by us solely for the usage of the HNGRY app and / or the xtraHNGRY storage.
Processing for other purposes occurs only if the requisite legal conditions pursuant to Art. 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Art. 13(3) GDPR and Art. 14(4) GDPR.
Our legitimate interests are offering vouchers/discounts to market products from the Liebherr home appliance division.
You have the right to object, on grounds relating to your particular situation, at any time to processing based on Article 6 para. 1 point f GDPR.
On what legal basis do we process your data?
Processing for other purposes may only be considered if the necessary legal requirements pursuant to Article 6 para. 4 GDPR are met. In that case, we will of course comply with any information obligations pursuant to Article 13 para. 3 GDPR and Article 14 para. 4 GDPR.
Usage HNGRYnsite camera to display fridge contents & support
During the onboarding and ongoing use of the camera, information and pictures / photos are automatically sent and processed by your HNGRY app in connection with the camera to our web servers. This is necessary in order to correctly display the pictures / photos of the contents of the fridge to you and thus provide the service. In Addition, it is possible that you send us log files via e-mail for the purpose of support requests.
What data do we process and for what purpose?
We process the following data:
- Your (external/internal) IP-adress
- ShoppinglistID
- CameraID
- ImageID
- Timestamp
- SSID
- LHCloudTraceID
- Pictures / photos of the fridge content
- Notice: The pictures / photos only represents personal data in connection with the metadata. In Accordance with our terms of use, you agree to transmit to the HNGRY app or take with the camera only pictures / photos of food and products that do not contain or present any personal data (e.g. name tags on food containers or pictures / photos of people) or sensitive personal images (e.g. medicines). You can find the terms of use here: https://iamhngry.com/en/terms
These data are in principle processed by us solely for the purpose of providing the service and for the correct processing or answering of your support requests and error analysis/improvement of the camera. This data and the metadata without personal reference are absolutely necessary for the provision of the service.
Processing for other purposes may only be considered if the necessary legal requirements pursuant to Article 6 para. 4 GDPR are met. In that case, we will of course comply with any information obligations pursuant to Article 13 para. 3 GDPR and Article 14 para. 4 GDPR.
On what legal basis do we process your data?
The processing of your data is carried out for the performance of a contract or in order to take steps prior to entering into a contract pursuant to Article 6 para. 1 point b GDPR or to protect our legitimate interests in accordance with Article 6 para. 1 point f GDPR.
Our legitimate interests are the correct response to and processing of your support request or message.
You have the right to object, on grounds relating to your particular situation, at any time to processing based on Article 6 para. 1 point f GDPR.
Use of technologies & services
A. General information
In providing our app, we use technologies & services. In the following notices we provide you – as a user of our app – with additional information on data processing via the use of technologies & services.
I. What are technologies & services?
Technologies & services can be used to determine whether there has already been communication from your end device to our app. Only the technology or service on your end device is identified. Personal data may, for example, be stored in the technologies & services if this is technically absolutely necessary, e.g. to enable a protected login.
Technologies & services can for example be small text files that a web server or an app can store and read on your terminal equipment (computer, smartphone or similar) that you use. Technologies & services contain individual, alphanumeric character strings that enable identification of the web browser that you are using and may also contain information on user-specific settings.
The aforementioned technologies & services and other technologies are hereinafter collectively referred to as “Technologies”.
II. What types of technologies exist?
We distinguish between essential technologies on the one hand and optional technologies on the other:
- Essential technologies are those that are technically necessary for the functionality as well as for ensuring the security and stability of our app and information technology systems. We also assign to this category those technologies that store certain settings that you have made, options selected or information entered until you close your app (at the latest), in order to provide the desired function that you have requested (e.g. login status, language setting etc.). Your consent is not required to store or read essential technologies. You cannot, therefore, manage essential technologies via the settings of the consent management service that we use, but only via your app and delete technologies stored there or block storage of technologies.
- Optional technologies are those that are not essential for functionality nor to ensure the security and stability of our app and information technology systems, but are used for analysis or marketing purposes. These technologies can, for example, be used to compile anonymous statistics and collect information on how you use our app, which enables us to analyse the use of our app and thereby optimise it. We also assign to this category those technologies that store certain settings that you have made, options selected or information entered; these remain after you have closed your app in order to provide the desired function that you have requested (e.g. login status by selecting “Remember my e-mail address”, wish list, compare list etc.) over a longer term. To store or read optional technologies, your prior consent is generally required. You can consent to the use of optional technologies and withdraw any consent that you have granted at any time with future effect via the settings of the consent management service that we use.
Both essential and optional technologies may be so-called “session technologies” or “persistent technologies”, which differ in their intended lifetime or functional life:
- Session technologies are stored on your terminal equipment and are automatically deleted when you close your app.
- Persistent technologies (or permanent technologies) are stored on your terminal equipment and are not automatically deleted when you close your app, but remain on your terminal equipment for a predefined period of time.
B. Use of technologies on our app
I. Essential Technologies
- Which essential technologies are used for what purpose and for how long?
Service | Purpose | Service provider | Functional life |
Consent manangement | Obtaining and managing consent and storing information about consent decisions. | Liebherr-Hausgeräte GmbH Memminger Straße, 77-79 88416 Ochsenhausen Germany | 30 days |
Language detection | Language detection for user-specific language display of the app | – | Until your app is closed |
AppsFlyer /Fraud prevention) | For the stability and security as well as fraud prevention of our campaigns | AppsFlyer Ltd., 14 Maskit St., POB 12371, Herzliya, Israel | Until the purpose is achieved |
- Consent Management
In order for you to manage the use of optional cookies on our app, we have implemented a consent management service. Via the consent management service, the first time you access our app, you will be presented with a previously defined query (“Cookies, other technologies and miscellaneous services”), which allows you to accept or decline the use of optional cookies by clicking the appropriate button. In addition, clicking on “settings” will take you to the settings of the consent management service, where you will find inter alia a simplified cookie list, classified by type. With the consent management service, you can inter alia find out about the purposes of the cookies that we use, the data processed in each case as well as any data recipients and, in the case of optional cookies, you can give or withdraw your consent at any time by selecting or deselecting the relevant box.
Please note that essential cookies are already stored upon accessing our app and that the relevant box is preselected. It is not possible to deselect essential cookies via the consent management service. The functionality of the consent management service itself requires the use of certain cookies.
Information about the service provider:
Liebherr-Hausgeräte GmbH, Memminger Straße 77-79, 88416 Ochsenhausen, Germany
Website: https://www.liebherr.com/de-de/gefrier-kuehlschraenke/hausgeraete-2451384
Privacy Policy:https://www.liebherr.com/de-de/gefrier-kuehlschraenke/datenschutz-2451382
- Language detection
We use a session technology to enable user-specific language display of our app. In so doing, the language of your app will be detected and our app displayed for you in the same language.
- AppsFlyer – Fraud prevention
We use the services of the provider AppsFlyer Ltd, 14 Maskit St, Herzliya, Israel (“AppsFlyer”); parent company: AppsFlyer Inc. 111 New Montgomery St Ste 400 San Francisco, CA, 94105-3616 United States (hereinafter collectively “AppsFlyer”), with the enhancement of “IP anonymisation” (also referred to as “IP masking method”), in order to learn more about the ways in which users become aware of our app / offer through the statistical analysis of our app / offer (“AppsFlyer “Fraud prevention”). For this purpose, we have concluded a data processing addendum with AppsFlyer in accordance with Article 28 of the GDPR and the EU standard contractual clauses. Accordingly, AppsFlyer will process the collected data (data on your terminal device or your web browser, IP addresses and your app activities) on our behalf for the purpose of evaluating your use of our app for us, compiling reports on app activities and providing us with other services related to the use of our app and internet usage.
This involves the collection, processing and use of certain information about the devices used by users, your online usage behaviour and page content accessed. AppsFlyer uses this data on our behalf to detect and prevent cases of so-called “mobile fraud”, i.e. manipulative and fraudulent actions in connection with our marketing measures. Based on the collected and subsequently aggregated data, AppsFlyer can identify for us whether certain actions in connection with our app (e.g. download or installation) were caused by manipulation.
For a data transfer to a third country, pursuant to the GDPR, additional conditions are to be complied with in order to ensure that the level of data protection guaranteed in the EU is not undermined. In this case, the data transfer to the USA takes place on the basis of the European Commission’s adequacy decision of 10 July 2023. According to this adequacy decision, the USA ensures an adequate level of protection within the meaning of Article 45 GDPR for personal data transferred from the EU to organisations in the USA that are certified under the “EU-U.S. Data Privacy Framework” (hereinafter “DPF”) and included in the “Data Privacy Framework List” (https://www.dataprivacyframework.gov/list), maintained and made publicly available by the U.S. Department of Commerce.
AppsFlyer is certified under the DPF and included in the Data Privacy Framework List.
You can object to the collection and storage of data by AppsFlyer at any time with effect for the future by following the instructions at https://www.appsflyer.com/optout. Alternatively, you can stop the use of AppsFlyer technology by sending us a message to feedback@iamhngry.com and informing us of your revocation.
Information about the service provider:
AppsFlyer Ltd, 14 Maskit St, Herzliya, Israel (“AppsFlyer”); parent company: AppsFlyer Inc. 111 New Montgomery St Ste 400 San Francisco, CA, 94105-3616 United States
Website:
https://www.appsflyer.com/de/
Privacy Policy:
https://www.appsflyer.com/services-privacy-policy
2. On which legal basis are essential technologies used?
We use essential technologies for the purposes of legitimate interests in accordance with Article 6 para. 1 point f GDPR.
Our legitimate interests are:
- Ensuring the security and stability of our app and information technology systems, for example by protecting against attacks in the form of targeted server overloads (Denial of Service attacks) or by using optimal load distribution on servers
- Asserting, exercising and defending legal claims
- Providing and guaranteeing the proper functionalities of our app
- Analysis of campaigns, measurement of download statistics and campaign effectiveness
- Detection and prevention of mobile fraud
- How can I object to the use of essential technologies?
You can exercise your right to object by means of the blocking options described below under “Deletion/Blocking of Technologies” (cf. Article 21 para. 5 GDPR), i.e. by blocking essential technologies via your app settings.
Please note that if you delete without blocking, essential technologies will be used once again when you access our app at a later date. Please also note that deactivating or deleting or blocking essential technologies may affect the performance and functionality of our app and may cause certain features and functions to be unavailable.
II. Optional technologies
Using the following information, we would like to enable you to make a well-founded decision for or against the use of optional technologies and the associated data processing.
- Which optional technologies are used for what purpose and for how long?
Service | Purpose | Service provider | Functional life |
Google Analytics | App analytics | Google Ireland Limited, Dublin 4, Ireland | Up to two years |
Google Firebase Crashlytics | Bug reports | Google Ireland Limited, Dublin 4, Ireland | Up to two years |
AppsFlyer (Marketing & Retargeting) | Marketing | AppsFlyer Ltd., 14 Maskit St., POB 12371, Herzliya, Israel | Until the purpose is achieved |
Push notifications | Sending push notifications and, where applicable, analysing usage and behavioural data to personalise push notifications | Depending on the operating system of the terminal equipment: iOS: Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland Android: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland If consent for personalisation has been given, additionally: Urban Airship Germany GmbH, Thurn-und-Taxis-Platz 6, 60313 Frankfurt, Germany | unlimited |
- Google Analytics
Subject to your consent, we use app analysis technologies in order to analyse the use of our app and thereby be able to improve it continuously. The anonymised user statistics obtained (e.g. number and origin of app visitors) enable us to optimise our app and improve its design – such as by placing frequently accessed information or topics on our app at the right location to meet demand.
For app analysis we use “Google Analytics”, a app analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter collectively “Google”), with the “IP anonymization” extension (also called “IP masking method”). To this end, we have concluded a data processing agreement with Google in accordance with Article 28 GDPR. Google will accordingly process the data collected (data about your terminal equipment or web browser, IP addresses and your app or application activities) on our behalf for the purposes of evaluating your use of our app, compiling reports on app activity and providing other services relating to app and internet usage.
Data collected within the context of Google Analytics may be stored and processed by Google or subprocessors of Google outside the EU or the EEA and thus in a third country, in particular in the USA. The IP masking method that we use ensures that before the IP address is transferred to a Google server in the USA and stored there, it is shortened within EU member states or in other EEA member states so that no IP address is transferred in its entirety, thereby preventing or considerably complicating identification of a person. Only in exceptional cases will the complete, i.e. entire, IP address be transferred to a Google server in the USA and only shortened there.
For a data transfer to a third country, pursuant to the GDPR, additional conditions are to be complied with in order to ensure that the level of data protection guaranteed in the EU is not undermined. In this case, the data transfer to the USA takes place on the basis of the European Commission’s adequacy decision of 10 July 2023. According to this adequacy decision, the USA ensures an adequate level of protection within the meaning of Article 45 GDPR for personal data transferred from the EU to organisations in the USA that are certified under the “EU-U.S. Data Privacy Framework” (hereinafter “DPF”) and included in the “Data Privacy Framework List” (https://www.dataprivacyframework.gov/list), maintained and made publicly available by the U.S. Department of Commerce.
Google LLC is certified under the DPF and included in the Data Privacy Framework List.
Service provider information:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Google Ads Data Processing Terms:
https://privacy.google.com/businesses/processorterms/
Terms of Service for Google Analytics:
https://marketingplatform.google.com/about/analytics/terms/us/
Overview of data usage in Google Analytics:
https://support.google.com/analytics/answer/6004245?hl=en
Google Privacy Policy:
https://policies.google.com/privacy
Technical explanation of “IP Anonymization (or IP masking) in Google Analytics”:
https://support.google.com/analytics/answer/2763052?hl=en
Additional note:
If you wish to deactivate Google Analytics across all apps, you can download and install the “Google Analytics Opt-out Browser Add-on” at https://tools.google.com/dlpage/gaoptout?hl=en. This option only disables web analysis as long as you are using the app for which you have installed the add-on.
- Google Firebase Crashlytics
We have integrated Google Firebase Crashlytics into the HNGRY app to analyse and fix errors. The reporting serves the stability and improvement of the app. Information about the device used and the use of the HNGRY app is collected (e.g. the timestamp, when the app was started and when the crash occurred), which enables us to diagnose and solve problems. This personal data is not merged with your other profile information. The storage period of the data collected in this way can be found in the provider’s privacy policy.
For app analysis we use “Google Firebase Crashlytics”, a app analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter collectively “Google”), with the “IP anonymization” extension (also called “IP masking method”). To this end, we have concluded a data processing agreement with Google in accordance with Article 28 GDPR. Google will accordingly process the data collected (data about your terminal equipment or web browser, IP addresses and your app or application activities) on our behalf for the purposes of evaluating your use of our app, compiling reports on app activity and providing other services relating to app and internet usage.
Data collected within the context of Google Firebase Crashlytics may be stored and processed by Google or subprocessors of Google outside the EU or the EEA and thus in a third country, in particular in the USA. The IP masking method that we use ensures that before the IP address is transferred to a Google server in the USA and stored there, it is shortened within EU member states or in other EEA member states so that no IP address is transferred in its entirety, thereby preventing or considerably complicating identification of a person. Only in exceptional cases will the complete, i.e. entire, IP address be transferred to a Google server in the USA and only shortened there.
For a data transfer to a third country, pursuant to the GDPR, additional conditions are to be complied with in order to ensure that the level of data protection guaranteed in the EU is not undermined. In this case, the data transfer to the USA takes place on the basis of the European Commission’s adequacy decision of 10 July 2023. According to this adequacy decision, the USA ensures an adequate level of protection within the meaning of Article 45 GDPR for personal data transferred from the EU to organisations in the USA that are certified under the “EU-U.S. Data Privacy Framework” (hereinafter “DPF”) and included in the “Data Privacy Framework List” (https://www.dataprivacyframework.gov/list), maintained and made publicly available by the U.S. Department of Commerce. Google LLC is certified under the DPF and included in the Data Privacy Framework List
Information about the service provider:
Google Ireland Limited, Gordon House, Barrow Street Dublin 4 D, Ireland
Website:
https://firebase.google.com
Privacy Policy:
https://firebase.google.com/support/privacy/
- AppsFlyer – Marketing & Re-Targeting
We use the services of the provider AppsFlyer Ltd, 14 Maskit St, Herzliya, Israel (“AppsFlyer”); parent company: AppsFlyer Inc. 111 New Montgomery St Ste 400 San Francisco, CA, 94105-3616 United States (hereinafter collectively “AppsFlyer”), with the enhancement of “IP anonymisation” (also referred to as “IP masking method”), to carry out further advertising of our products (“AppsFlyer Marketing & Re-Targeting“). For this purpose, we have concluded a data processing addendum with AppsFlyer in accordance with Article 28 of the GDPR and the EU standard contractual clauses. Accordingly, AppsFlyer will process the collected data (data on your terminal device or your web browser, IP addresses and your app activities) on our behalf for the purpose of evaluating your use of our app for us, compiling reports on app activities and providing us with other services related to the use of our app and internet usage.
This involves the collection, processing and use of certain information about the devices used by users, your online usage behaviour and page content accessed. AppsFlyer uses this data on our behalf to evaluate and understand the performance of our marketing measures and channels, and how you use and interact with the app.
Data collected through AppsFlyer may be stored and processed by AppsFlyer or subprocessors of AppsFlyer outside the EU or the EEA and thus in third country, particular in the USA. The IP masking method that we use ensures that before the IP address is transferred to a AppsFlyer server in the USA and stored there, it is shortened within EU member states or in other EEA member states so that no IP address is transferred in its entirety, thereby preventing or considerably complicating identification of a person. Only in exceptional cases will the complete, i.e. entire, IP address be transferred to a Google server in the USA and only shortened there.
For a data transfer to a third country, pursuant to the GDPR, additional conditions are to be complied with in order to ensure that the level of data protection guaranteed in the EU is not undermined. In this case, the data transfer to the USA takes place on the basis of the European Commission’s adequacy decision of 10 July 2023. According to this adequacy decision, the USA ensures an adequate level of protection within the meaning of Article 45 GDPR for personal data transferred from the EU to organisations in the USA that are certified under the “EU-U.S. Data Privacy Framework” (hereinafter “DPF”) and included in the “Data Privacy Framework List” (https://www.dataprivacyframework.gov/list), maintained and made publicly available by the U.S. Department of Commerce.
AppsFlyer is certified under the DPF and included in the Data Privacy Framework List.
You can object to the collection and storage of data by AppsFlyer at any time with effect for the future by following the instructions at https://www.appsflyer.com/optout. Alternatively, you can stop the use of AppsFlyer technology by sending us a message to feedback@iamhngry.com and informing us of your revocation.
Information about the service provider:
AppsFlyer Ltd., 14 Maskit St., Herzliya, Israel
Website:
https://www.appsflyer.com/de/
Privacy Policy:
https://www.appsflyer.com/services-privacy-policy
- Push notifications
Subject to your consent to receive push notifications and the technical capabilities of your terminal equipment, we will use push notifications to inform you about updates, various functions or specific news about our app, even if the app is not open and/or your terminal equipment is locked. To do this, we use the technology of your terminal equipment, so that your consent is given by allowing notifications via the applicable system settings of your terminal equipment. When you grant the relevant permission through the applicable system settings of your terminal equipment, your terminal equipment registers with the respective push service (Apple Notification Service or Firebase Cloud Messaging), which assigns a pseudonymised unique ID in the form of a so-called push token to your terminal equipment and to our app installed on it. With the help of this push token, the respective push service can unambiguously recognise your terminal equipment and our app installed on this terminal equipment and thus address it precisely, which is necessary for the proper sending and receiving of push notifications.
You can withdraw your given consent to receive push notifications at any time with effect for the future and thus prevent the further receipt of push notifications by revoking the relevant permission through the applicable system settings of your terminal equipment. When the relevant permission is revoked, the push token will also be deleted upon the next launch of our app.
Given that the reception of push notifications relies on the technology of your terminal equipment, we use the services detailed hereafter depending on the operating system of the terminal equipment:
- Apple Push Notification Service
If your terminal equipment is running the operating system “iOS”, push notifications are sent and received via the “Apple Push Notification Service”, a service provided by Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland; parent company: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (hereinafter collectively “Apple”).
Data transmitted/transferred to Apple within the context of the Apple Push Notification Service may be stored and processed by Apple outside the EU or the EEA and thus in a third country, in particular in the USA.
For a data transfer to a third country, pursuant to the GDPR, additional conditions are to be complied with in order to ensure that the level of data protection guaranteed in the EU is not undermined. In this case, the data transfer of data to the USA takes place subject to appropriate safeguards pursuant to Article 46 para. 1 GDPR, which consist of Apple’s making use of standard data protection clauses or standard contractual clauses adopted by the European Commission pursuant to Article 46 para. 2 point c GDPR.
Service provider information:
Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland; parent company: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
Website:
https://developer.apple.com/notifications
Privacy Policy:
https://www.apple.com/legal/privacy/en-ww
Standard Contractual Clauses:
If you would like a copy of Apple’s standard contractual clauses, please contact https://apple.com/de/privacy/contact/.
- Firebase Cloud Messaging
If your terminal equipment is running the operating system “Android”, push notifications are sent and received via “Firebase Cloud Messaging”, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter collectively “Google”).
Data transmitted/transferred to Google within the context of Firebase Cloud Messaging may be stored and processed by Google outside the EU or the EEA and thus in a third country, in particular in the USA.
For a data transfer to a third country, pursuant to the GDPR, additional conditions are to be complied with in order to ensure that the level of data protection guaranteed in the EU is not undermined. In this case, the data transfer to the USA takes place on the basis of the European Commission’s adequacy decision of 10 July 2023. According to this adequacy decision, the USA ensures an adequate level of protection within the meaning of Article 45 GDPR for personal data transferred from the EU to organisations in the USA that are certified under the “EU-U.S. Data Privacy Framework” (hereinafter “DPF”) and included in the “Data Privacy Framework List” (https://www.dataprivacyframework.gov/list), maintained and made publicly available by the U.S. Department of Commerce.
Google LLC is certified under the DPF and included in the Data Privacy Framework List.
Service provider information:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website:
https://firebase.google.com/products/cloud-messaging
Privacy Policy:
https://policies.google.com/privacy
Subject to your supplementary consent to personalise push notifications, we additionally also collect and analyse your use of our app to personalise push notifications. This means that we track your interactions with our app and the push notifications received through it (e.g. opening behaviour) and collect and analyse your usage and behavioural data in this regard in order to send you targeted, personalised advertising based on your presumed interests using electronic mail in the form of push notifications. In doing so, usage and behavioural data are also stored in recipient profiles. The analysis of your usage and behavioural data and the storage of the analysis results also enable us to measure the success of our advertising campaigns and to design them to meet demand and suit our target groups.
You can withdraw your given consent to personalise push notifications at any time with effect for the future and thus prevent the further collection and analysis of your data by deselecting the corresponding service under “Analysis” in the settings of the consent management service.
If you have given your supplementary consent to the personalisation of push notifications, we use the following services in addition to the respective push service (Apple Notification Service or Firebase Cloud Messaging):
- Airship
For the personalisation of our push notifications, including the necessary analysis of usage and behavioural data, we use “Airship”, an analysis service provided by Urban Airship Germany GmbH, Thurn-und-Taxis-Platz 6, 60313 Frankfurt, Germany; parent company: Airship Group, Inc., 1225 W. Burnside, Suite 401, Portland, OR 97209, USA (hereinafter collectively “Airship”). In this respect, we have concluded a data processing agreement with Airship in accordance with Article 28 GDPR.
Data collected within the context of the analysis may be stored and processed by Airship or subprocessors of Airship outside the EU or EEA, and thus in a third country, in particular in the USA.
For a data transfer to a third country, pursuant to the GDPR, additional conditions are to be complied with in order to ensure that the level of data protection guaranteed in the EU is not undermined. In this case, the data transfer to the USA takes place on the basis of the European Commission’s adequacy decision of 10 July 2023. According to this adequacy decision, the USA ensures an adequate level of protection within the meaning of Article 45 GDPR for personal data transferred from the EU to organisations in the USA that are certified under the “EU-U.S. Data Privacy Framework” (hereinafter “DPF”) and included in the “Data Privacy Framework List” (https://www.dataprivacyframework.gov/list), maintained and made publicly available by the U.S. Department of Commerce.
Airship Group, Inc. is certified under the DPF and included in the Data Privacy Framework List.
Service provider information:
Urban Airship Germany GmbH, Thurn-und-Taxis-Platz 6, 60313 Frankfurt, Germany; parent company: Airship Group, Inc., 1225 W. Burnside, Suite 401, Portland, OR 97209, USA
Website:
Privacy Policy:
https://www.airship.com/legal/privacy
- On which legal basis are optional technologies used?
We use optional technologies on the basis of the consent pursuant to Article 6 para. 1 point a in conjunction with Article 7 GDPR.
- How can I withdraw the consent that I have given to the use of optional technologies?
When you (first) access our app, we request inter alia your consent for the use of optional technologies by means of a predefined query (“Technologies & services”). Unless otherwise stated in this data protection declaration, you can withdraw the consent that you have given at any time with effect for the future and thereby prevent further collection of your data by deselecting optional cookies (analysis, marketing) in the settings of the consent management service.
If and insofar as you do not consent or withdraw consent already given (further) data collection by means of optional technologies requiring consent and the associated data processing will cease. This presents no drawbacks when using the app, unless you also deactivate the technology functions for essential technologies.
The revocation of consent will not affect the legality of the processing carried out on the basis of the consent up to revocation.
As an alternative to withdrawing your consent, you can also make use of the options described below under “Deletion/Blocking of Technologies” to delete or block technologies using the information provided there.
C. Deletion/Blocking of Technologies
Technologien werden auf Deiner Endeinrichtung gespeichert, sodass Du die Kontrolle über Technologien hast. Wenn Du nicht möchtest, dass wir Deine Endeinrichtung wiedererkennen, kannst Du jederzeit bereits auf Deiner Endeinrichtung gespeicherte Technologien – manuell oder automatisiert – deaktivieren bzw. löschen und/oder die Speicherung von Technologien für die Zukunft blockieren, indem Du in Deiner Endgeräte-Software die entsprechende Einstellung vornimmst, z.B. „keine Technologien akzeptieren“ oder Ähnliches. Die meisten Endgeräte können zudem so konfiguriert werden, dass eine Speicherung von Technologien nur akzeptiert wird, wenn Du dem gesondert im Einzelfall zustimmen. Wenn Du die Technologien unserer Dienstleister und Partner nicht akzeptieren willst, solltest Du hierzu in Deinem Endgerät die Einstellung „Technologien von Drittanbietern blockieren“ oder Ähnliches vorfinden. In der Regel wird Dir in der Menüleiste Deiner App über die Hilfe-Funktion angezeigt, wie Du bereits gespeicherte Technologien ausschalten bzw. löschen und neue Technologien abweisen kannst. Einzelheiten zu den beschriebenen Möglichkeiten entnimmst Du bitte der Anleitung Deines Endgeräte-Herstellers.
Please note that if you delete without blocking, any essential technologies will be used the next time and we may ask you once again for your consent to optional technologies when you access our app at a later date. Please also note that deactivating or deleting or blocking essential technologies may affect the performance and functionality of our app and may cause certain features and functions to be unavailable.
You can manage the settings for the use of optional technologies and the associated data processing at any time in the settings of the consent management service.
Data recipients
We may transfer your data to:
- Other companies of the Liebherr Group, provided this is necessary to initiate, perform or terminate a contract, or for our part we have a legitimate interest in the transmission and your predominant legitimate interest is not opposed to this;
- The social login provider of your choice
- The providers of the functions and any other services you actively use;
- Our service providers that we use in order to achieve the above-stated purposes;
- The recipient or recipients you specify;
- Courts of law, courts of arbitration, authorities or legal advisers, if this is necessary to comply with current law or for the establishment, exercise or defence of legal claims.
Data transfers to third countries
A data transfer to entities in countries outside the European Union or the European Economic Area (so-called third countries) or to international organisations is permissible only (1) if you have given us your consent or (2) if the European Commission has decided that there is an adequate level of protection in a third country (Art. 45 GDPR). If the Commission has not taken such a decision, we can transfer your data to recipients located in a third country only if appropriate safeguards exist (e.g. standard data protection clauses adopted by the Commission or the supervisory authority under a specific procedure) and the enforcement of your rights as a data subject is guaranteed or the transfer is permissible in individual cases on the grounds of other legal bases (Art. 49 GDPR).
Where we transfer your data to third countries, we will inform you of the respective details of the transfer at the relevant points in this data privacy policy.
Data erasure and storage period
We process your data, provided that this is necessary for the respective purpose, if you have not effectively objected to the processing of your data or effectively withdrawn the consent that you may have granted.
If statutory retention obligations exist, we will have to store the data affected thereby for the duration of the retention obligation. After the expiry of the retention obligation, we will check whether there is any further necessity for processing. If there is no longer any necessity, your data will be deleted.
Data security
We use technical and organisational security measures to ensure that your data is protected from loss, improper changes or unauthorised access by third parties. Moreover, we ensure that, on our side, only authorised persons are granted access to your data and then only to the extent necessary for the above-mentioned purposes. The transfer of all data is encrypted.
Date: December 2024