Privacy Policy for the Android App “Connecting Colors”

1. Controller

The controller within the meaning of the GDPR is:

2. Collection and Storage of Personal Data as well as the Type and Purpose of Processing

We generally process personal data of our users only to the extent necessary to provide our app and deliver our services, or if you have consented to the data processing.

• Usage Data: When you download and use our app, certain information may be collected automatically (e.g., IP address, device information, operating system, app version, time and duration of use). These data are processed solely for the purpose of providing, optimizing, and securing the app.
• Contact Requests: If you contact us by email, we process your email address and any additional information you provide for the purpose of responding to your inquiry.

3. Use of Analytics and Advertising Services

We use various Google services to optimize our app, identify and fix errors, and display advertisements. In doing so, data may be transferred to Google, including in the United States. Google adheres to the Standard Contractual Clauses of the European Commission to ensure an adequate level of data protection.

3.1 Google Analytics for Firebase

We use Google Analytics for Firebase, a service provided by Google, to analyze usage of our app. This tool allows us to track how users interact with our app, detect crashes and performance issues, and conduct statistical analyses.

Data Processed: Information such as device details, session duration, in-app interactions, and technical parameters (e.g., operating system, app version) are processed. These data are pseudonymized, meaning Google does not receive direct personal data such as names or email addresses.

Purpose of Processing: The data are used for analysis, continuous improvement of our app, and error resolution.

Legal Basis: Processing is based on Article 6(1)(f) GDPR (legitimate interests). Our legitimate interest is to improve the stability and functionality of our app as well as optimize our services.

3.2 Firebase Crashlytics

We use Crashlytics, a service by Google Firebase, to quickly identify and resolve crashes and errors in our app.

Data Processed: Crash reports usually contain information about the device (e.g., device type, operating system version), the time of the crash, the app version, and other technical information relevant for troubleshooting.

Purpose of Processing: Crashlytics helps us stabilize and improve our app by analyzing crash reports.

Legal Basis: Processing is based on Article 6(1)(f) GDPR (legitimate interests). Our legitimate interest is to ensure the functionality and security of our app.

3.3 Google AdMob

We use Google AdMob to display advertisements within our app. AdMob is a service by Google that enables the integration of banner ads or other ad formats.

Data Processed: When displaying ads, pseudonymized data such as the Advertising ID (on Android), IP address, device type, operating system, and usage information may be transmitted. Depending on your consent settings, AdMob may show personalized or non-personalized ads.

Purpose of Processing: The data are processed for the purpose of providing (personalized) ads and analyzing ad performance.

Legal Basis: Where consent for personalized advertising is obtained, the legal basis is Article 6(1)(a) GDPR (consent). For non-personalized ads or strictly technical purposes, Article 6(1)(f) GDPR (legitimate interests) may apply if no opt-in for personalized ads has been provided.

Note: You can change your ad settings at any time in your device or account settings and opt out of personalized advertising.

4. Legal Bases for Processing

The processing of your personal data is based on the following legal grounds:

• Article 6(1)(a) GDPR (Consent): To the extent that you have given us consent for certain processing purposes (e.g., personalized advertising).
• Article 6(1)(b) GDPR (Performance of a Contract): To the extent that processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
• Article 6(1)(f) GDPR (Legitimate Interests): To the extent that processing is necessary for the purposes of our legitimate interests and your interests or fundamental rights and freedoms do not override these interests.

5. Disclosure of Data

We do not share your personal data with third parties unless one of the following applies:

• You have explicitly given your consent pursuant to Article 6(1)(a) GDPR.
• Disclosure is necessary for the performance of a contract with you (Article 6(1)(b) GDPR).
• There is a legal obligation to disclose (Article 6(1)(c) GDPR).
• Disclosure is necessary for the purposes of our legitimate interests pursuant to Article 6(1)(f) GDPR, and there is no reason to believe you have an overriding legitimate interest in non-disclosure of your data.

Regarding the mentioned Google services (Analytics for Firebase, Crashlytics, AdMob), data may be transferred to Google as a processor. Data may be transmitted to the United States. Google has committed to the European Commission’s Standard Contractual Clauses to ensure an adequate level of data protection.

6. Retention Period and Deletion

We only store your personal data for as long as necessary to achieve the purposes mentioned here or as required by statutory retention periods. After the relevant purpose no longer applies or upon expiration of these periods, the corresponding data are routinely deleted in accordance with legal requirements.

7. Rights of the Data Subject

If your personal data are being processed, you are a data subject within the meaning of the GDPR, and you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

If you wish to exercise any of these rights, you may contact us at any time using the contact details provided above.

8. Data Security

We use appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved according to technological developments.

9. Updates and Changes to this Privacy Policy

This Privacy Policy is currently valid and was last updated on [Please insert current date]. Due to further development of our app or changed legal or regulatory requirements, it may be necessary to amend this Privacy Policy. The latest version can be accessed at any time within the app or on our website.

10. Contact

If you have any questions regarding the collection, processing, or use of your personal data, or if you seek information, rectification, blocking, or deletion of data, or wish to revoke any consents given, please contact us at: