Protection of personal data and responsible handling of information that you entrust to us are important and special concerns for us. Ruptly GmbH (“Ruptly”, or “we” or “us”) processes personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).
- you visit our website stringer.ruptly.tv (see section 2.) or
- you use our App Ruptly Stringer (see section 3.)
1. Controller and Data Protection Officer
Controller in the meaning of data protection law: Ruptly GmbH, Lennéstrasse 1, 10785 Berlin, Germany, +49 (0) 30 3198 72 300, firstname.lastname@example.org. For further information please see our impressum.
Data Protection Officer: Datenschutzbeauftragter Ruptly GmbH, Lennéstrasse 1, 10785 Berlin, Germany, DPO@planit.legal
2. Website: Processing of your personal Data
Providing this Website requires the processing of personal data to the extent described in section 2.1. In addition, personal data will be processed in the cases described under section 2.2.
2.1. Data Processing to Enable the Use of the Website
When you visit our Website, we collect personal data to enable your use (usage data). This includes your IP address and data about the start, end and subject of your use of the Website as well as any identification data (e.g. your login data when you log into a secure area). It also includes technical data transmitted by your browser such as browser type/browser version, the previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this Website in our legitimate interest (Art. 6(1)(f) GDPR)). If you would like detailed information on the weighing of interests, please contact one of the addresses given under section 1.
2.2. Social Networks
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
Vkontakte Ltd, Tverskaya str., 8-B, St. Petersburg, 191015, Russia
2.3. App Stores
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA
Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014
3. App: Processing of your personal Data
3.1. Download of the App
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA
Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014
3.2. Data Processing to Enable the Use of the App
When you use our App, your device connects to our server and we collect personal data to enable your use (usage data). This includes your date and time of the request, device identification number (UDID and comparable device numbers) as well as further device information (operating system and version, manufacturer and model, IMEI, IMSI, mobile phone number, MAC address, etc.). We process these data for the provision and demand-oriented design of this App, to identify your device and to troubleshoot bugs in our legitimate interest (Art. 6(1)(f) GDPR). If you would like detailed information on the weighing of interests, please contact one of the addresses given under section 1.
3.3. User Account
To open up a user account, you must enter your first name, last name, e-mail address, mobile phone number and a password (Login Data). The data provided by you is necessary for the performance of a contract according to Art. 6(1)(b) GDPR. The registration or the opening of a user account at Ruptly is not possible without providing personal data. You are neither obliged to register with Ruptly nor to provide personal data. If you do not provide us with the required personal data, you may not be able to use the functions of the App. Otherwise there will be no consequences for you. It is possible to delete your user account at any time. This can be done by sending a message to one of the persons named in section 1.
3.4. Upload Content
In order to upload Content in the App, you need to have a user account (see section 3.3.) and provide us with additional personal data to execute the concluded contract, e.g. PayPal e-mail address. The legal basis for data processing is Art. 6 (1)(b) GDPR. The provision of this personal data is a contractual requirement, or a requirement necessary to enter into a contract. If you do not provide us with this personal data it is not possible to execute the contract, which means no Content can be accepted.
For full use of our app, access authorisations to certain functions/services of your device are required for the following purposes:
- Location: To send notifications about and show nearby tasks.
- Phone: To send push notifications and inform you about new tasks or how to complete a task.
- Photos/Media/Data: To upload already filmed content and save videos filmed through the app.
- Storage: To save and write data, e.g. video content.
- Camera and Microphone: To film video and sound content within the app.
- Device ID & call information: To send you push notifications.
- Other functions/services of your device:
- manage document storage
- receive data from Internet
- view network connections
- full network access
- draw over other apps
- control vibration
- prevent device from sleeping
- install shortcuts
You will be prompted the first time you start the App or when an authorisation is necessary for a function. The legal basis for data processing is then your consent pursuant to Art. 6(1)(a) GDPR. You are not obliged to give your consent. However, if you do not give your consent, you will not be able to use the App to its full extent. You can revoke or reaffirm your consent in the settings of your device at any time for future processing.
Access authorisation to “other functionalities/services” is in our legitimate interest, since it is necessary to run the App on the operating system. The legal basis is therefore Art. 6(1)(f) GDPR.
For further Information about the specific data accessible when authorising access to certain functions and how to revoke or reaffirm your consent, please refer to the following links:
For Android: https://support.google.com/googleplay/answer/6014972?p=app_permissions&rd=1&hl=en
For iOS: https://www.apple.com/privacy/manage-your-privacy/
and Apple Security White Paper Page 75.
3.6. Newsletter and E-Mail messages from us
There are several cases where Ruptly may use the email address that you have provided during the registration to send you messages.
- We will send you an email as you register to confirm that the address provided is correct.
- If you forget your password and request us to send you a temporary one, we will do so.
The legal basis for this is Art. 6(1)(f) GDPR as sending you this e-mails is within our legitimate interest in providing you the service of our app and notifying you about important changes.
- When you sell us a video through the App, you will be offered to sign a Copyright Release. A copy of it will be sent to your email account.
The legal basis for this is Art. 6(1)(b) GDPR as this is necessary to execute the concluded contract.
In case you register for our newsletter, we collect your e-mail address and send a confirmation e-mail with a confirmation link. You need to click to subscribe to our newsletter. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your e-mail address at a later time. You can unsubscribe from the newsletter at any time. You will find an explanation on how to revoke your consent in each of our newsletter e-mails or you can send a message to email@example.com. The legal basis is your expressly consent pursuant to Art. 6(1)(a) GDPR.
3.7. Chat Function
We process your personal data when you use our chat function. If you contact us via the chat function provided within the App, your details will be stored so that they can be used to process and answer your enquiry.
Depending on the subject of your inquiry, the legal basis for this data processing is the processing for the purpose of initiating or processing a contract, or our legitimate interest in providing a chat function for general enquiries (Art. 6(1)(b) or (f) GDPR). If you would like detailed information on the weighing of interests, please contact one of the addresses given under section 1.
3.8. Google SDK (Firebase Analytics)
We use the developer platform called “Google Firebase” as well as the associated functions and services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Firebase is a platform for developing apps for mobile devices and websites. Google Firebase offers a variety of features, which can be found on the following website: https://firebase.google.com/products/
The analysis of user interactions is carried out using the analysis service of Firebase Analytics. This service helps us to record your interactions. Events such as the first time the App is opened, the uninstalling of the App, updates, crashes or the frequency of use of the App are recorded. Certain user interests are also recorded and evaluated.
The information processed by Google Firebase about your use of this App is usually transferred to a Google server in the USA and stored there. However, Google will reduce your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand and thus make it anonymous. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and anonymized there. The data may also be used with other Google services, such as Google Analytics and Google marketing services. In this case, only pseudonymous information, such as the Android Advertising ID or the Advertising Identifier for iOS, will be processed to identify users' mobile devices. Additional information on the use of data for marketing purposes by Google can be found on the following website: https://www.google.com/policies/technologies/ads
The legal basis for this use is Art. 6(1)(f) GDPR. If you wish to object to interest-based advertising through Google marketing services, you can use the settings options provided by Google: http://www.google.com/ads/preferences
Further information on data protection at Google can be found at: https://policies.google.com/?hl=en
Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfer. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
3.9. Social Networks
Our App contains links to social networks, which are operated exclusively by third parties. For further information see section 2.2.
3.10. Payment Process
To process payments we work together with the service provider, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449 Luxembourg (PayPal) which supports us wholly or partially in execution of concluded contracts. Personal data is transferred to this service provider in accordance with the following information. We will pass on your payment data to this service provider within the framework of payment processing, if this is necessary for payment handling. If other payment service providers are used, we explicitly inform you of this. The legal basis for this data processing is Art. 6(1) (b) GDPR.
PayPal acts as a controller itself. Further information on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
4. Transfer to Recipients of Personal Data within the EEA
We will only pass on the personal data described here where necessary for the provision of our Service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transmitted to service providers involved in the provision of our Services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR.
The Ruptly Stringer Website and App use the following processors:
- Infrastructure Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany provides underlying infrastructure services in the provision of the Services. Infrastructure Provider's role includes processing your personal data.
- Infrastructure Provider: Mitto AG, Bahnhofstrasse 21, 6300 Zug, Switzerland provides underlying infrastructure services in the provision of the Services. It includes processing your personal data, namely cellular number verification.
- Analytics Provider: Google provides anonymised analytics in the provision of the Services (see section 3.8).
Other than that we transmit personal data to other recipients only if there is a legal permission or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.
5. Transfer to Recipients of Personal Data in States outside the EEA
If necessary for our purposes, we may also transfer your data to recipients outside the EU. This is in particular the case if we have to transmit this data to recipients in third countries for the purposes of contract performance or due to legal obligations. Furthermore, we only transfer data to third countries where the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer. To ensure an adequate level of protection for the recipient of data, we in particular use the standard contractual clauses of the EU Commission on the transfer of personal data to third countries (controller to controller; controller to processors transfer), unless an adequacy decision within the meaning of Art. 45(1) GDPR has been taken by the EU Commission.
We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for Ruptly to continue the processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
7. Your Rights
As a data subject of the data processing, you have the following rights:
- a right to confirmation as to whether personal data relating to you are processed by Ruptly and, if this applies, the right to access to this personal data (Art. 15 GDPR) as well as
- a right to rectification of your incorrect data (Art. 16 GDPR),
- a right to erasure (Art. 17 GDPR) or
- a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR), stating a specific reason, except in the case of direct mail. If you have provided the data, you can request the transmission of the data (Art. 22 GDPR). Whether and to what extent these rights exist in individual cases and under what conditions they apply is stipulated by law in the aforementioned legal norm. If the processing is based on a consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke this at any time for the future (Art. 7(3) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about data protection at Ruptly, we recommend that you first contact our Data protection officer (see contact details under section 1).
8. Security Measures to protect your Personal Data
We protect your data by technical and organisational measures against unauthorised access, loss or destruction. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and the confidential handling of personal data. Our employees are trained accordingly.
To protect the personal data of our users, we use a secure online transmission procedure, the so-called “Secure Socket Layer” (SSL) transmission. You can recognise this by the fact that an “s” (“https://”) or a green, closed lock symbol is added to the address component http://. By clicking on the icon you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees the encrypted and complete transmission of your data.
9. No Automated individual Decision-Making
We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.
Status: June 2018