Data protection

Data protection information for the Airbeat One app

1. Data protection, responsible person and data protection officer

In the following, we will inform you about the collection of personal data when using our mobile iPhone and Android app (hereinafter “app”). Personal data is all data that can be related to you personally, such as name, address, e-mail addresses, user behavior.

This privacy policy explains what data we collect when using the app and what we use it for. It also explains how and for what purpose this is done.

If we process your data, this is regularly done on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, for the purpose of fulfilling the contract in accordance with Art. 6 para. 1 lit. b DSGVO, which are always balanced with your interests and, if applicable, existing obligations in accordance with Art. 6 para. 1 lit. c GDPR.

We would like to point out that data transmission on the Internet may have security gaps. Complete protection of data from access by third parties is simply not possible.

Unless a specific storage period has been specified in this data protection information, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to exist.

2. Name and contact details of the person responsible for processing and the data protection officer

This data protection information applies to data processing by:

responsible person:
Airbeat One GmbH, Paulstraße 2a, 19249 Lübtheen, Germany
Management: Sebastian Eggert, Christian Diekmann, Benedikt Alder
E-mail: support@me-events.de

You can contact our data protection officer here:
info@grabowski-beratung.de

3. General information and mandatory information

a) Download and install the app

You can download our app from an app store of your choice (AppleApp Store or Google Play Store) to your devices (e.g. smartphone). When you download the app to your mobile device, the necessary information is transferred to the respective app store, in particular the username, email address and customer number of your account, time of download and the individual device ID. However, we have no influence on this data collection and are not responsible for it. We process the data provided insofar as this is necessary to download the app to your mobile device. Furthermore, they are no longer saved. The legal basis for this data processing is Art. 6 para. 1 lit. b and f DSGVO, as it may be in our legitimate interest as well as the performance of the contract to process the data required for download and installation.

When using the stores, please note their privacy policies:

Apple App Store: https://www.apple.com/de/privacy/

Google PlayStore: https://policies.google.com/privacy

b) SSL or TLS encryption

This app uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content that you send to us as an app operator. This encryption prevents the data you submit from being read by unauthorized third parties.

c) External hosting of the app

In addition to storing the data locally on your device (e.g. smartphone), it is necessary to store your device data on the servers of our IT service provider to ensure that the app works.

It uses Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter AWS) for hosting.

The servers were carefully selected and are located exclusively within the EU/EEA, specifically in Frankfurt. However, we cannot completely rule out the possibility that personal data may be transferred to the parent company of AWS in the USA in exceptional cases. Data transfer to the USA is based on EU standard contractual clauses.

Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

For more information, see the AWS privacy policy at https://aws.amazon.com/de/privacy/?nc1=f_pr remove.

The use of AWS is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our application as reliably as possible.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). This is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000TOWQAA4&status=Active

4. App access rights

To provide our services via the app, we need the access rights listed below, which enable us to access certain functions of your device.

• location data

Access and storage on our servers is necessary to ensure the functionalities of the app, such as the use of the site plan. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG and — if a contract has been concluded — the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b GDPR). You can refuse to use your location data via your device settings, but some of the functions will then be unavailable to you.

5. Data collection within the app

a) Use of cookies or similar technologies

1. General notes

Our app uses cookie-like technologies/tokens. These can be digital certificates, for example, but they do not cause any damage to your device. They are stored either temporarily for the duration of a session or permanently on your device to keep the logged-in session active.

These technologies have various functions and may be technically necessary, as certain app functions, such as logging in, would not work without them. Others can be used to evaluate user behavior in order to better understand the use of one's own products or even to analyze the stability of the services. Depending on the purpose, these are stored regularly on the basis of Art. 6 para. 1 lit. f DSGVO, as we have a legitimate interest in storing them for the technically error-free and optimized provision of our services.

If consent to storage has been requested, for example because measurements of user behavior are being carried out, storage is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be withdrawn at any time.

2. Consent with ConsentManager

Our app uses ConsentManager's consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden,

Site: https://www.consentmanager.de (Hereinafter “ConsentManager”).

When you use our app, a connection is made to ConsentManager's servers to obtain your consent and other cookie usage explanations. TConsentManager then stores a cookie in order to be able to assign the consents given or their revocation. The data collected in this way is stored until you ask us to delete it, delete the consent manager provider cookie yourself, or the purpose for data storage no longer applies.

Mandatory legal storage obligations remain unaffected.

The ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

We have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

b) Analytical data

1. Google Firebase Crashlytics

This app uses technology from Google Firebase (GoogleInc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”), an analysis service provided by Google Inc., to report crashes and ensure that the app is running.

The information generated about usage (app version, type and version of the device used, version of the operating system, date and time of use, app crashes, updates, as well as the IP address used during use) is transmitted to a Google server in the USA and stored there.

For relevant data transfers to the USA, Google relies on certification in accordance with the EU-US Data Privacy Framework.

The legal basis for the use and evaluation of data centers is legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO. The legitimate interest lies in the technical functionality of the app and the detection of errors and technical problems.

You can see which subcontractor Google uses under the following link: https://firebase.google.com/terms/subprocessors.

You can find more information about Google Firebase and data protection here: https://firebase.google.com/terms/data-processing-terms; https://firebase.google.com/terms/; https://firebase.google.com/support/privacy/.

2. Google Firebase Cloud Messaging

If you have activated the push function to inform yourself about security-relevant events and receive information about the festival, Firebase Cloud Messaging is used, which is necessary to send push messages to Apple and Android devices. This technology is also a Firebase service from the provider Google Inc. (hereinafter Google), 1600 Amphitheatre Parkway, MountainView, CA 94043, USA.

The legal basis for processing is legitimate interests in accordance with Article 6 (1) (f) GDPR. The legitimate interest lies in the technical functionality of the app/ the ability to send you messages.

For relevant data transfers to the USA, Google relies on certification in accordance with the EU-US Data Privacy Framework.

Details can be found here: https://firebase.google.com/support/privacy.

You can find more information about Google Firebase and data protection here: https://firebase.google.com/terms/data-processing-terms and https://firebase.google.com/terms/.

3. Google Firebase Analytics

We also use features of the web and app analytics service Google Analytics via Firebase. The provider is Google Ireland Limited (“Google”), Gordon House, BarrowStreet, Dublin 4, Ireland.

Google Analytics 4 allows the app operator to analyze user behavior. In doing so, we receive reports on usage data, such as visits, length of stay, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the user's respective terminal device. We can also record clicks with Google Analyticsu. a. Google Analytics also uses various modelling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g. cookies, tokens, or device fingerprinting).

The information collected by Google about the use of this app is usually transferred to a Google server in the USA and stored there. Google Analytics 4 enables the anonymization of IP addresses by default. As a result of IP anonymization, your IP address is abbreviated by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. According to the provider, the IP address transmitted by Google Analytics will not be combined with other Google data.

The data mentioned to analyze user behavior using Google Analytics 4 for Firebase is automatically deleted after 14 months.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. The consent can be withdrawn at any time.

Data transfer to the USA is based on certification in accordance with the EU-US Data Privacy Framework.

You can find details here:

https://privacy.google.com/businesses/controllerterms/mccs/

Google is also certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please visit the following link:

https://www.dataprivacyframework.gov/participant/5780

Collection of location data

Users can determine the location of selected functions using the location function on their smartphones. For example, we can automatically give you the latest information about stages, food spots or awareness points in your area. The location rules can be deactivated at any time via the system settings of your device.

Mapbox

So that you can better localize yourself at our events, we have integrated Mapbox. The provider is Mapbox, Inc. 740 15th Street NW, 5th Floor, Washington, District of Columbia 20005, USA (hereinafter “Mapbox”). With the help of this service, we can integrate map material on our website.

To use the functions of Mapbox, it is necessary to save your IP address, session ID and geodata. This information is transmitted anonymously and encrypted to an AmazonWeb Services server in the USA and stored there. The provider of this site has no influence on this data transfer.

The legal basis is legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO. The legitimate interest lies in providing map services and implementing the essential app functions.

You can find further details in the provider's privacy policy at https://www.mapbox.com/legal/privacy remove.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF), which is intended to guarantee a level of data protection similar to that of the EU and has been considered appropriate by the EU.

6. Disclosure of personal data

a) Legal bases

We only share your personal data with third parties insofar as this is necessary to achieve our purposes and at least one of the following legal bases exists:

• You have expressly given your consent in accordance with Article 6 (1) (a) GDPR,
• this is legally permitted and is required in accordance with Article 6 (1) (b) GDPR to process contractual relationships with you,
• in the event that there is a legal obligation to transfer data in accordance with Article 6 (1) (c) GDPR, and
• The transfer in accordance with Article 6 (1) (f) GDPR is necessary to protect our legitimate interests, unless your interests, fundamental rights and fundamental freedoms, which require the protection of your personal data, prevail.

b) Data transfer to the USA

We rely largely, but not exclusively, on service providers based within the EU/EEA or a third country for which the European Commission has adopted an adequacy decision within the meaning of Article 45 GDPR. However, even with service providers based within the EU/ERW, we cannot guarantee in individual cases that they store or process your data exclusively on servers in countries with a level of protection comparable to that in the EU/EEA.

Among other things, we use tools from companies based in the USA. If these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that the European Commission has adopted an adequacy decision for the EU-U.S. Data Privacy Framework (successor to the “Privacy Shield”). The decision states that the United States will ensure an adequate level of protection — comparable to that of the European Union — for personal data transferred from the EU to US companies under the new framework. On the basis of this sectoral adequacy decision, personal data can be securely transferred from EU ANUS companies that participate in the framework (“Data Privacy Framework”) without the need to introduce additional data protection guarantees. To participate, companies must be certified by the U.S. Department of Commerce. If you have not done so, the appropriateness decision does not serve as a basis for secure data transmission. In these cases, we conclude standard contractual clauses (SCC) with service providers. By concluding the standard contractual clauses within the meaning of Art. 46 para. 2 lit. c GDPR, we provide guarantees for the protection of your data.

In addition, we encrypt or pseudonymize personal data before transmission to a service provider in a third country, provided this is technically possible and appropriate.

7. Rights of data subjects

You have the right

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can provide information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, unless it was collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about request their details;
• in accordance with Article 16 GDPR, to immediately request the correction of incorrect or completed personal data stored by us;
• to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• to request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Article 21 GDPR;
• in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
• in accordance with Article 7 (3) GDPR, to withdraw your consent to us at any time. As a result, we are no longer allowed to continue data processing based on this consent in the future; and
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters.

8. Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.

If you would like to exercise your right of objection, simply send an e-mail to support@me-events.de

9. data security

Within the app call, we use the popular SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your device. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.

10. Matchmaking features

They have the option to use the app's matchmaking function. With this function, you can provide your interests and wishes as well as further information about yourself. Your information is used to connect you with others. On the one hand, suggestions will be made to you about potential matches/matches, but your information will also be made available to other users and, if necessary, you will be shown as a match partner and enable communication and meeting arrangements. Entering your data is voluntary. Registration is required to use the function. Processing is carried out for the purpose of fulfilling the contract in accordance with Art. 6 para. 1lit. b GDPR.

11. Timeliness and amendment of this data protection information

This data protection information is currently valid and was last updated in December 2024.

As a result of the further development of our app and offers, or due to changed legal or regulatory requirements, it may be necessary to change this data protection information.

‍