1) General information and scope of application

We, Nebelflucht GmbH ("we ", "our " or "us ") collect, process and use personal data of users ("users ", "your " or "you ") only in compliance with the existing data protection regulations. The legal framework for data protection is provided by the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The protection of personal data is an important concern for us. In the following, you will learn which personal data can be created in which way in the No Charges app ("app") or by using our services and how you maintain control over your data.

1.1 We act upon the principle of thrift data

We collect, process and use data according to the principle of thrift data. The submission of personal data in the app is voluntary and is limited exclusively to the purpose-related scope. We store personal data in accordance with the principles of data avoidance and thrift of data only as long as it is necessary or legally prescribed.

If the purpose ceases to apply and there is no obligation to retain data, we will block or delete the data in due time. Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is article 6 (1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

1.2 You're in control of your data

You have the right at any time to free information about the personal data stored by us and/or correction, blocking or deletion of the same, unless they are required for existing contract fulfilment or are subject to the statutory storage obligation. A corresponding contact is available to you for these purposes:

Nebelflucht GmbH
Gerichtstr. 12-13
Aufgang 6 Berlin
info@toto.io

1.3 Encrypted data transmission

The app uses SSL encryption for security reasons and to protect the transmission of personal data and other confidential content.

2) Areas of application for personal data

2.1 Logging information

When the app accesses No ChargesĀ“ services, information is automatically stored on our servers. This information is of a general nature and cannot be traced back to you personally. These so-called log files contain the following information:

  • date
  • amount of data
  • operating system
  • domain name of your internet provider
  • IP address

This data is exchanged through every communication between devices on the Internet. The collection of the data is therefore absolutely necessary.

We reserve the right to subsequently check any log files that have arisen in the event of suspicion of illegal use of the offer. If necessary, we can also use this data to optimise our offer or for our own statistical purposes.

2.2 Cookies

The app uses so-called cookies; text files that are stored on your device. These are only used to authenticate you as a user and do not contain any personal data.

2.3 Contact

If you contact us through the contact options offered, your data will be stored for a period of six months so that it can be used to process and answer your enquiry and in the event of follow-up questions. This data will not be passed on to third parties.

2.4 Analyse services

We do not use analysis services such as Google Analytics.

2.5 App specific data processing

The app allows you as a user to play games in the context of No Charges. The data generated during the game is stored and can be viewed by the game author for evaluation purposes. As long as the game is kept public by the author, your game data will be saved as well.

The processing of app specific data is the core of the app and is therefore carried out in accordance with article 6 (1)(f) GDPR.

2.5.1 User account data

In the registration process we collect your email address. Optionally you can upload an avatar.

If you sign in through a third-party provider using a single sign-on process, we will collect your username and access token (see 2.6.1] in addition to the email address used for third-party registration.

2.5.2 Player data

Each of your actions as a player (solving tasks, unlocking new elements, uploading photos) generates a log entry that can be viewed by the author.

If you play in a team with other players, they also receive information about your actions during the game.

2.5.3 Device data

The app uses different services of your device.

Camera

The camera is used to scan QR codes and take photos that are either used as avatars or to solve game elements and stored on our servers.

Within iOS and Android (version 6 or higher) you can control access to the camera in the app settings.

Geolocation

Geolocation is used to show you your current position on the map or to solve location-based game elements. Each time you try to solve a element manually, the app transfers your location data to our servers, where it is evaluated and stored based on the game history.

Within iOS and Android (from version 6) you can control the access to the geolocation in the app settings.

Compass / device orientation

The device orientation along the x, y and z axes (rotation around all device axes) is used to show you the "viewing direction" on the map. This information remains on your device and is not shared with our servers or third party service providers.

Local files / media

Access to local files or media is used to use photos as avatars or to solve game elements. The photos are then stored on our servers.

Within iOS and Android (from version 6) you can control the access to local files / local media in the app settings.

2.6 Services and contents of third party providers

The app also includes services of third parties.

2.6.1 Social media plugins

The app uses the embedding function for media, interactive contents of the following third party providers:

  • YouTube (operator: Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), privacy policy
  • Vimeo (operator: Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA), privacy policy
  • SoundCloud (operator: SoundCloud Limited Rheinsberger Str. 76/77 10115 Berlin, Deutschland), privacy policy
  • MixCloud (operator: Mixcloud Limited, 447 - 453 Hackney Road, London, E2 9DY, UK), privacy policy

You have to activate the embedding by tapping on the button "show". A corresponding note will inform you about the exchange of data with the third party provider. Activation represents your explicit consent to this data exchange.

When you request this data, your IP address (personal data) is sent to the provider's servers. The provider also uses cookies to collect information about user behaviour. We have no influence on the extent to which this information is stored and processed by the provider.

Google LLC and Vimeo Inc. are certified for the EU-U.S. Privacy Shield Agreement, which ensures compliance with data protection standards applicable in the EU.

For more information about the scope, nature and purpose of data processing and about rights and privacy settings please refer to the links above to the relevant privacy statements.

2.6.2 Other contents from third-party providers

The app also uses content from the following third-party providers:

  • CartoDB (operator: CartoDB Inc., 201 Moore St Brooklyn, NY 11206, USA), privacy policy

When you request this data, your IP address (personal data) is sent to the provider's servers. We have no influence on the extent to which this information is stored and processed.

CartoDB Inc. is certified for the EU-U.S. Privacy Shield Agreement, which ensures compliance with data protection standards applicable in the EU.

For more detailed information about the scope, type and purpose of data processing and about rights and setting options to protect your privacy, please refer to the links listed above to the corresponding privacy policies.

3) Reservation of changes

Technology is subject to constant change. We try to check innovations and updates of existing applications for their compatibility with the legal requirements. This may also mean that we must constantly change or expand our privacy policy. We therefore reserve the right to change our data protection declaration. The new data protection declaration will then take effect the next time you use our services.