2. DATA WE COLLECT, PROCESS AND USE
b. Regarding the Website: if you visit the Website your browser automatically transfers certain data so that it can access the Website, in particular: the IP address, the date and time of the request, the browser type, the operating system, the language and version of the browser software. Such data is processed, in particular, as without such data the Website cannot be accessed.
c. In connection with the use of the App a random user number (hash value) is generated for you based on your mobile device that allows us to allocate your Frosh activities (posts, replies, etc.) to an account. The use of such number is required for the registration of your account (as without such value we cannot connect your activities within the App to your account and therefore a use of the App would not be possible). We cannot relate this number or the account to your name or other personal information of you. Furthermore, we also store data on the language in which you use the App in order to to provide to you the App and respective content in your preferred language.
d. In addition, regarding the App certain data transmitted by your mobile device is collected, namely your IP address, the periods of time in which you use the App, the date of the registration of your account, the operating system of your device (Android or iOS) and the type of device you use (e.g. iPhone, Samsung Galaxy). Such data is collected, in particular, in order to be able to distinguish actual App users from bots, prevent abusive behaviour and block abusive content that is reported by other users.
e. If you actively provide us in the App with additional basic demographic data such as interests and major we might use such data to personalize the experience for you with regard to the App, as well as providing information tailored towards your interests or major. I
f. In addition, the full functionalities of the App are only accessible to you if you grant access to your mobile device’s geo location. To this end, when you use the App for the first time you will be asked by your device whether location data may be used. If you do not allow this or if you allow this, but later deactivate this functionality in the settings of your mobile device, please note that the App or at least certain features and functionalities of the App might not work or might not be accessible to you.
g. If you provide to us information on the Website via a request form contained on the Website or on another way then we will process your data in order to answer your respective (information) requests.
h. We might disclose your Personal Data where such disclosure is required by law (for example, upon request of a court or of law enforcement authorities).
i. We might disclose certain user data (such as information about posts and information about activity) to universities, research centers or companies in order for them to further analyze use patterns of our users, help us classify content created by our users or to assess future integration with said entities. The respective data disclosed to such entities cannot be traced back by such entities to a specific user.
l. The legal basis for the processing of personal data described above insection 2.b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data arises from the fact that without such data the Website cannot be accessed);
section 2.c (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures);
section 2.d (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need a way to distinguish users from bots, prevent abusive behaviour and block abusive content when users report it);
section 2.e is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we use and analyze the respective data to improve the App, such as by gaining a better understanding of your interests and to help personalize your user experience, as well as providing you features exclusive to your specific demographic; regarding age verification we have an interest to verify whether you are old enough to use the App);
section 2.f is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures) and Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interest is that we can only provide the App services with all its functionalities, if respective geo location data is processed). For the avoidance of doubt: we will not process your geo location data if you choose to not allow your device to share such data with regard to the App (cf. also above under 2.f);
section 2.g is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need to process the respective data in order to being able to answer your (information) requests;
section 2.h is Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).;
section 2.i (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the universities have a legitimate interest to analyze respective data from a scientific point of view and this analysis is not trivial for us to reproduce as we use the results of such analysis to further our understanding of our user base and its preferences);
3. USE OF ANALYZING, ADVERTISING AND OTHER TOOLS
a. With regard to the App we use the advertising identifiers IDFA (for iOS devices) and AAID (for Android devices) (together the “Advertising Identifiers”). These Advertising Identifiers are non-personal, non-permanent numbers contained on your mobile device. We do not store the Advertising Identifiers with any other mobile device related information or other personal information of you. The Advertising Identifiers identify your user data to enable us to provide you with personalized advertising. We might also (in some countries) share, for example, respective data with so called advertising networks to deliver advertisements to you in the App that are more relevant / specifically tailored for you. In particular, the App might display advertisements from different advertising networks. You can deactivate the use of the Advertising Identifiers in the settings of your operating system by switching off ad tracking on iOS (under “Settings/Privacy/Advertising”) or resetting your AAID on Android (under “Settings/Ads”). You can also disable the aforementioned tracking functionalities in the “Me” section of the App.
b. We also analyze data of usage to better understand user preferences through user actions. Next to our own analytics we also use the following tools:
dd. We use the tool branch.io of Branch Metrics, Inc. 1400 Seaport Blvd, Building B, 2nd Floor, Redwood City, CA 94063, USA (“Branch Metrics”) with regard to the App. branch.io is a real-time database, which we are using for real-time data exchange and data storage. branch.io also allows for analyzing anonymized behavioral data, in particular the analyzing of active users and activity events (e.g. posts, replies, votes). We also use branch.io to analyse more complex use cases of the app which we otherwise would not be able to understand (connection between sharing content and engagement, what is the source of users registering into the app) so that we can further optimise the app and identify real users and bots. Certain (anonymized) user data might be sent to Branch Metrics. For further information regarding branch.io please refer to https://branch.io/policies/#privacy. To our best knowledge Branch Metrics complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Branch Metrics has certified that it adheres to the relevant Privacy Shield Principles. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme.
ee. If you decide to deactivate (some of) the tools described in this section 3.b (to the extent this is possible), please note that certain features and functionalities of the Services might not work or might not be accessible to you.
c. The legal basis for the processing of the data described in section 3a (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we can only offer the App to users for free if we are in a position to efficiently display relevant advertisements in the app). The legal basis for the processing of the data described in the section 3b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we use and analyze the respective data (i) to improve our Services, such as by gaining a better understanding of your interests and requirements regarding our Services, (ii) to help personalize your user experience, (iii) to recognize user patterns in order to protect the App against bots, abusive members and abusive content, and (iv) to provide you with certain features of the Services (without us using such data some of the functionalities of the Services might not work or might not be accessible (this applies, in particular, to the tools mentioned above in sections 3.b, aa, bb, cc, dd; with regard to item (iv) such processing of data is also based on Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures)).
4. TECHNICAL IMPLEMENTATION OF THE SERVICES BY SUBCONTRACTORS
We partly use service providers who process Personal Data on behalf of us to operate the technical platform for the Services. These service providers process the data exclusively according to our instructions (order processing). The legal basis for the data processing described in this section 4 is Art. 6 (1) sentence 1 lit. b GDPR (performance of contract and pre-contractual measures) and Art. 28 GDPR (order processing).
5. DURATION OF STORAGE OF PERSONAL DATA
6. YOUR RIGHTS
You have the right to request information from us at any time about your Personal Data stored by us. If the legal requirements are met, you also have rights vis-à-vis us to request from us access to and rectification or erasure or restriction of processing concerning your Personal Data or to object to the processing of your Personal Data as well as the right to receive from us your Personal Data provided to us in a structured, established and machine-readable format (you can transfer this data to other parties or have it transferred; data portability). If you have given your consent to the use of personal data, you can revoke such consent at any time (for the future). If you believe that the processing of your Personal Data by us is in breach of the applicable data protection laws, you can issue a complaint with the competent supervisory authority for data protection.
7. CONTACT; DATA PROTECTION OFFICER
You can contact us, for example, via the address indicated above in section 1., via hello@FroshApp.com and/or by using the contact info contained in the App or on the Website.
8. KEEPING YOUR PERSONAL DATA SECURE
This site has reasonable security measures in place to protect against loss, unauthorized use, disclosure or alteration of the personally identifiable information in our possession.
9. Digital Millennium Copyright Act
Notice and Procedure for Making Claims of Copyright Infringement. Pursuant to the Digital Millennium Copyright Act, Title 17, United States Code, Section 512(c)(2) ("DMCA"), Campusave.com has designated to the U.S. Copyright Office an agent to receive notifications of claimed copyright infringement relating to this Website (the "Designated Agent"). All such notifications relating to this Website must be submitted in a manner consistent with the DMCA to the following Designated Agent:
Service Provider: Uloop, Inc.
Name of Agent Designated to Receive Notification of Claimed Infringement: Greg Edson
Full Address of Designated Agent to Which Notification Should Be Sent: 306 S. Washington Ave, Suite 400, Royal Oak, MI 48067
Telephone Number of Designated Agent: 312.854.7605
Facsimile Number of Designated Agent: 312.376.0167
E-mail Address of Designated Agent: firstname.lastname@example.org