Here we would like to describe whether and how we process your personal data within the scope of the "MY SERVICE PLAN" app & the associated software. "We" as the responsible party within the meaning of the General Data Protection Regulation ("GDPR") are

MEINDIENSTPLAN GmbH
Gschmeidlerstraße 45
2020 Hollabrunn, Austria
FN 483121y
office@meindienstplan.at

1. general information on data processing and legal bases

1.1 This privacy policy describes the nature, scope and purpose of the processing of personal data within our service offering and the associated application and software (hereinafter collectively referred to as "services"). This statement applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile or offline).

1.2 The definitions of the terms used here, such as "personal data" or their "processing" can be found in Art 4 GDPR.

1.3 We process personal data only in compliance with the legal provisions (in particular Art 6 para 1 DSGVO). Accordingly, data will only be processed if a legal permission exists; in particular, if the data processing is necessary for the fulfillment of our contractual services (e.g. provision of the application) as well as our online services or is required by law or if there is a consent from you as a user or an overriding legitimate interest on our part (e.g. interest in the analysis and optimization of our application).

2. data processing as a processor for your employer (Art 4 Z 8 DSGVO)

2.1 The vast majority of the data processing carried out by us is only carried out on behalf of your employer. With regard to the services offered by us to your employer, we do not act as a controller (Art. 4 Z 7 DSGVO), but only as a processor (Art. 4 Z 8 DSGVO). In this respect, only your employer can provide you with corresponding information about the processing of your data as the controller. Please contact your employer if you have any questions.

2.2 All those data processing operations which we ourselves, however, carry out as the responsible party (Art. 4 Z 7 DSGVO) shall be described in more detail below:

3. categories of data processed and legal basis for processing

3.1 We process the following of your personal data within the scope of our offer for the performance of the contract (Art 6 para 1 lit b DSGVO) or on the basis of our overriding legitimate interest (Art 6 para 1 lit f DSGVO):

- Usage data (e.g., time of app download or deletion, access times, duration of use of individual functions

For the collection of usage data we use Google Firebase, for more information see point 6 of this privacy policy.

4. purposes of data processing

4.1 The personal data mentioned in point 3 are processed for the following purposes:

-to further improve the services offered and make them more user-friendly for you;

- to be able to compile anonymized usage statistics;
- to be able to detect any misuse or security-related issues.

5. push notifications & crash reporting

5.1 In the apps of meinDienstplan GmbH, important information can be received via push notification. In addition, notifications may be sent on special occasions; this may be the case for major updates, updates on data protection, the terms and conditions or technical problems and is usually limited to individual messages every month or less frequently. Users can disable the receipt of push notifications at any time via the app settings or via the mobile device settings. To send these messages, we use the services of Firebase, more information on this can be found below under point 6 of this privacy policy.

5.2 In order to quickly detect and fix errors in the app, anonymous crash reports are transmitted in case of crashes with the help of Firebase Crashlytics. These are limited to diagnostic data (OS version, app version, etc.) as well as the stack trace (error occurred and code affected) and do not contain any personal information of the user. For information about Firebase, see point 6 below.

6. privacy policy on the use of Google Firebase & the Google Cloud

6.1 Our Apps use technology from Google Firebase (Google Inc., 1600 Amphitheatre

Parkway, Mountain View, CA 94043, USA, "Google"). Firebase is part of the Google Cloud Platform and offers numerous services for developers. A list of these can be found here: https://firebase.google.com/terms/. Some Firebase services process personal data which is limited to so-called "instance IDs" that are provided with a time stamp. These "Instance IDs" assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not constitute personally identifiable information to us, nor do we make any effort to subsequently personalize it. We process this aggregate data to analyze and optimize user behavior, such as by evaluating crash reports.

6.2 For Firebase Analytics, Google also uses the advertising ID of the mobile device in addition to the "instance ID" described above. You can restrict the use of the advertising ID in the device settings of your mobile device.

6.3 Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymized push reference is assigned to the end device, which serves as the target for the push messages or in-app messages. The push messages can be deactivated and reactivated at any time in the settings of the end device. We do not use Firebase services that use personally identifiable information, such as IP addresses, email addresses, phone numbers, or passwords. More information about Firebase privacy and security can be found here: https://firebase. google.com/support/privacy/.

6.4 Google has joined the EU-US Privacy Shield, a data protection agreement between the EU and the USA. More information on Google Firebase and data protection can be found at https://www.google.com/policies/privacy/ and at https://firebase.google.com/.

7. transfer of data to third parties and third-party providers

7.1 Data is only passed on within the framework of legal requirements and agreements with your employer. Accordingly, we only pass on data if this is necessary, e.g. on the basis of Art 6 para 1 lit b DSGVO for the execution of the contract or due to an overriding legitimate interest in accordance with Art 6 para 1 lit f DSGVO in an economic and effective operation. The personal data presented under point 3 will not be passed on or disclosed to your employer.

7.2 If we use subcontractors, they are located in the EU or the EEA. A transfer to third countries does not take place.

7.3. meinDienstplan uses a data center in which the cloud server is operated. The data center is located in Frankfurt and operated by DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor New York, NY 10013. The User will be informed accordingly and asked for his consent before the location is changed.

7.4 For the above purposes, we transfer your personal data to the following recipients or categories of recipients:

- Analysis and usage data to Google Firebase (see point 6) - Web hoster

8. duration of storage

8.1 The data stored by us will be deleted or completely anonymized as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations or the data is required for the clarification of legal disputes.

8.2 According to § 132 BAO we are legally obliged to keep accounting documents (e.g. invoices, receipts) for a period of at least 7 years (longer in case of legal disputes).

8.3 Your data will be deleted within 60 days if your employer so requests.

9. your rights in connection with the processing of personal data

9.1. You are entitled, among other things, (i) to check whether and which personal data we have stored about you and to obtain copies of this data (access), (ii) to request the correction, completion or deletion of your personal data that are incorrect or not processed in accordance with the law (rectification), (iii) to request us to restrict processing (restriction), and (iv) in certain circumstances, object to the processing of your personal data or withdraw consent previously given for the processing (objection), (v) request data transfer (data portability), (vi) learn the recipients or categories of recipients to whom your personal data will be transferred, and (vii) lodge a complaint with the Austrian data protection authority (www.dsb.gv.at) to lodge a complaint (Complaint).

10. modification of the privacy policy

10.1 Since, for example, the legal situation or our services including the associated data processing may change, we reserve the right to adapt this privacy policy accordingly. However, this only applies with regard to declarations on data processing. Insofar as we require your consent for data processing or parts of this data protection declaration contain regulations of the contractual relationship with the users, the changes will only be made with your consent.

10.2 Please inform yourself regularly about the current content of our privacy policy, you will find the latest version at https://www.meindienstplan.at/at/datenschutz/app.