App Privacy Policy

The mobile application "urbanhive" (hereinafter "App") is provided by urbanhive GmbH, Wallgraben 5, 48356 Nordwalde (hereinafter "we" or "us").
Within the App, you can create a user account (hereinafter "Registration") to use various functions related to controlling the homefarm, minifarm, and the utilization of their produce.
The App and its functions are free of charge.
When using the Services, we process personal data. Personal data means all information relating to an identified or identifiable natural person.
Because the protection of your privacy when using the Services is important to us, we would like to inform you with the following information about which personal data we process when you use the Services and how we handle this data.
You can access this privacy policy at any time on the internet platform and in the App.

1. Name and contact details of the controller
Controller:
urbanhive GmbH
Wallgraben 5
48356 Nordwalde
Email: support@urbanhive.de

2. Data processing in the App
a) When downloading the App
When downloading the App, certain necessary information is transmitted to the app store you selected (e.g., Google Play or Apple App Store), in particular, the user's name, email address, customer number, time of download, and individual device identifier may be processed. The processing of this data is carried out exclusively by the respective app store and is outside our sphere of influence.

b) When registering a user account and using the App

When you register and create a user account, we use the login data you provide (name, email address, and password) to grant you access to your user account and manage it ("Mandatory Information").
We use the Mandatory Information to authenticate you during login and to respond to requests for password resets. The data you enter during registration or login is processed and used by us (1) to verify your authorization to manage the user account; (2) to enforce the terms of use of the Services and all related rights and obligations; and (3) to contact you to send you technical or legal notices, updates to our functions, security messages, or other messages relating to the management of the user account.
In addition, when using our Service, you can provide a variety of other information (e.g., about your homefarm or minifarm) (hereinafter "User Data").

The App also requires the following permissions:

Internet access: This is required to save your input on our servers.
To the extent required for individual functions, you can also grant the App the following permissions:
Wifi: Required for communication between homefarm, minifarm and app.
Bluetooth: Required for the initial setup of the homefarm.
Location: Some devices (e.g. with Android up to and including version 10) require access to the location to search for Bluetooth devices in the vicinity.

We process this User Data to be able to offer and provide you with the functions within our Services.
This processing of Mandatory Information and User Data is legitimate because (1) the processing is necessary for the performance of the contract between you and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the Services, or (2) we have a legitimate interest in ensuring the functionality and fault-free operation of the Services, which outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR.

c) Use of third-party tools

We use the following third-party tools in some areas to improve our service:

• Firebase Analytics
• Firebase Crashlytics

3. Disclosure of data
Your personal data will only be disclosed without your express prior consent in cases explicitly mentioned in this privacy policy, or when legally permissible or required.
If it is necessary to clarify illegal or abusive use of the Services or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities, and if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of illegal or abusive behavior. Disclosure may also take place if it serves to enforce terms of use or other legal claims. We are also legally obliged to provide information to certain public bodies upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and tax authorities.
Any disclosure of personal data is justified by the fact that (1) the processing is necessary for the fulfillment of a legal obligation to which we are subject in accordance with Art. 6 para. 1 lit. f) GDPR in conjunction with national legal provisions on the disclosure of data to law enforcement agencies, or (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behavior or for the enforcement of our terms of use, other terms, or legal claims, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not outweigh this.

Any disclosure of personal data is justified by the fact that we have carefully selected, regularly reviewed, and contractually obligated our affiliated companies and external service providers as processors within the framework of Art. 28 para. 1 GDPR to process all personal data exclusively according to our instructions.

4. Data transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place within the scope of using third-party services, this will only be done in accordance with legal requirements. Subject to explicit consent or contractually or legally required transfers, we will only process or have the data processed in third countries with a recognized level of data protection or on the basis of a contractual obligation through so-called standard contractual clauses of the EU Commission.

5. Data retention period
We delete or anonymize your personal data as soon as it is no longer necessary for the purposes for which we collected or used it according to the preceding paragraphs. As a rule, we store your personal data for the duration of the user or contractual relationship concerning the Services plus a period of 30 days, during which we keep backup copies after deletion, unless this data is required longer for criminal prosecution or to secure, assert, or enforce legal claims.
Specific information in this privacy policy or legal requirements for the retention and deletion of personal data, especially those that we must retain for tax reasons, remain unaffected.

Data Storage and End-of-Life Policy
We commit to securely storing and processing our users' data in accordance with applicable data protection laws. Should the App reach an end-of-life in the future, we will inform users in good time and ensure that all personal data is treated in accordance with applicable data protection law and, if necessary, deleted or transferred to the users. However, there are currently no planned changes to the lifecycle of this App.

6. Your rights as a data subject
a) Right of access
You have the right to request information from us at any time, upon request, about the personal data concerning you that we process, to the extent of Art. 15 GDPR. You can submit a request by post or email to the address provided above.

b) Right to rectification of inaccurate data

You have the right to demand from us the immediate rectification of inaccurate personal data concerning you.

c) Right to erasure

You have the right to demand from us the erasure of personal data concerning you under the conditions described in Art. 17 GDPR. These conditions particularly provide for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection, or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject. For the period of data storage, please refer to Section 6 of this privacy policy.

d) Right to restriction of processing

You have the right to request from us the restriction of processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is contested between the user and us, for a period enabling us to verify the accuracy, as well as in the event that the user, in the context of an existing right to erasure, requests restricted processing instead of erasure; furthermore, in the event that the data is no longer required for the purposes pursued by us, but the user needs it for the establishment, exercise or defense of legal claims, and if the successful exercise of an objection between us and the user is still disputed.

e) Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR.

f) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e) or f) GDPR, in accordance with Art. 21 GDPR. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

g) Right to lodge a complaint

You also have the right to lodge a complaint with the competent supervisory authority.

7. Contact
Should you have any questions or comments about our handling of your personal data or if you wish to exercise the rights mentioned in Section 7 as a data subject, please contact us using the contact details provided above.

Responsible Disclosure of Vulnerabilities
We take the security of our systems and the confidentiality of your data very seriously. Should you identify a vulnerability, please contact us at security@urbanhive.de. All security reports will be treated confidentially and reviewed according to our internal security policies.

8. Changes to this Privacy Policy
We keep this Privacy Policy up to date. Therefore, we reserve the right to change it from time to time and to incorporate changes in the collection, processing, or use of your data.

 

As of: 27.10.2024