Tommy Logo
Tommy Logo
DEITEN
Tommy Logo
Tommy Logo
DEITEN

Privacy

Privacy Policy for LimouApp

This Privacy Policy explains how personal data is processed within LimouApp, for what purposes this takes place, and what rights users have in this context.

Provider and Data Controller

2S Info & Media Management GmbH
Bgm.-Mahr-Str. 32
63179 Obertshausen
E-mail: info@2s-info-media.de

Types of Data Collected

The personal data that this application processes independently or through third parties includes, among other things, trackers, precise location, various types of data, as well as device permissions (continuous access to precise location, read permission for health data, and storage permission).

Provision of Data

Personal data may be voluntarily provided by the user or – in the case of usage data – collected automatically as soon as this application is used. Unless otherwise stated, the provision of all data requested by this application is mandatory. Refusal to provide such data may result in the application being unable to provide its services. Information marked as optional may be withheld without negative consequences. If there is any uncertainty as to which data is mandatory, the provider may be contacted.

Cookies and Tracking Technologies

Any use of cookies or other tracking tools by this application or by integrated third-party providers serves to provide the service requested by the user, as well as additional purposes described in this document (and, where applicable, in a cookie policy).

Responsibility for Third-Party Data

Users are responsible for any personal data of third parties that they obtain, publish or share through this application, and confirm that they have obtained the consent of those third parties for its transmission.

Nature and Place of Data Processing

Data is processed at the provider’s offices as well as at all other locations where the entities involved in the processing are located. Depending on the location of the users, this may involve data transfers to countries outside their own country; details can be found in the relevant sections of this Privacy Policy.

Processing Methods and Security Measures

The provider processes user data in a proper manner and takes appropriate security measures to prevent unauthorized access as well as unauthorized disclosure, alteration or destruction of data. Processing is carried out using computers and procedures aligned with the stated purposes.

Persons and Service Providers Involved

In addition to the data controller, internal parties (e.g. personnel administration, sales, marketing, legal department, system administrators) or external parties (e.g. technical service providers, delivery companies, hosting providers, IT companies, communication agencies) may have access to the data. An up-to-date list may be requested from the provider at any time.

Legal Bases for Processing

The provider processes personal data only if at least one of the following legal bases applies:

  • Users’ consent for one or more specific purposes (where applicable, including opt-out rules in certain jurisdictions where legally permitted).
  • Necessity for the performance of a contract with the user and/or pre-contractual measures.
  • Necessity to comply with a legal obligation.
  • Processing in the public interest or in the exercise of official authority.
  • Protection of the legitimate interests of the provider or a third party.

Information on the Specific Legal Basis

Upon request, the provider will gladly provide information on the specific legal basis for processing – in particular whether the provision of personal data is required by law or contract, or necessary for entering into a contract.

Retention Period

Personal data is processed and stored for as long as necessary for the purpose for which it was collected. It is then deleted. As a rule:

  • Data processed for contract performance is stored until the contract has been fully performed.
  • Data processed to protect legitimate interests is stored for as long as necessary for those purposes.
  • Where consent has been given, data may be stored for longer until such consent is withdrawn.
  • Longer storage may be required where legal obligations exist or an official order is in place.

Once the retention period has expired, personal data will be deleted; certain rights (e.g. erasure, rectification, data portability) may then no longer be exercised.

Purposes of Processing

Personal data is collected so that the provider can provide the service, comply with legal obligations, respond to enforcement requests, protect rights and interests (including those of users or third parties), and detect malicious or fraudulent activity. In addition, data is processed, among other things, for location-based interactions, data transfers outside the United Kingdom, and device permissions for access to personal data.

Device Permissions

Depending on the device, the application may request certain permissions. By default, these must be granted by the user before the corresponding information can be accessed. Consent once granted may be withdrawn at any time (e.g. via device settings or by contacting support). Withdrawal may impair the proper functioning of the application.

Permission to Determine Precise Location (Continuous)

This is required to access the user’s precise device location. The application may collect, use and share location data in order to provide location-based services.

Read Permission for Health Data

Allows reading the user’s health data.

Storage Permission

Used to access shared external storage, including reading and adding objects.

Detailed Information on the Processing of Personal Data

Personal data is processed through the use of specific services, in particular in connection with data transfers outside the United Kingdom, device permissions and location-based interactions.

Data Transfer Outside the United Kingdom

The provider may transfer personal data collected within the United Kingdom to third countries only under certain conditions (so-called “restricted transfers”). Such transfers are carried out solely on the basis of one of the legal bases described. Users may ask the provider which legal basis applies to which service.

Data Transfer Pursuant to an Adequacy Regulation (United Kingdom)

Where this is the legal basis, personal data is transferred from the United Kingdom to third countries in accordance with an “adequacy regulation” of the UK government. An updated list of such adequacy regulations can be found on the website of the Information Commissioner’s Office (ICO). Personal data processed: various types of data.

Location-Based Interactions

The application may collect, use and share the user’s position data in order to provide location-based services. Devices and browsers are often configured by default so that geolocation is disabled; access takes place only with express permission.

Non-Continuous Geolocation

The location is not determined continuously, either at the user’s express request or when the user does not provide the location directly and the app allows automatic determination. Personal data processed: precise location.

Geolocation

Upon express permission, the application may access position data and process it to provide location-based services. Personal data processed: precise location.

localStorage

localStorage allows this application to store and retrieve data in the user’s browser without a time limit.

Users’ Rights

Users may exercise certain rights in relation to their data processed by the provider, to the extent permitted by law, in particular:

  • Withdraw consent at any time.
  • Object to processing (in particular where processing is based on a legal basis other than consent).
  • Obtain confirmation as to whether and how data is processed, including a copy of the data.
  • Have data corrected or updated.
  • Request restriction of processing.
  • Request the deletion or other removal of personal data.
  • Receive data in a structured, commonly used and machine-readable format and, where technically feasible, have it transferred to another controller.
  • Lodge a complaint with the competent supervisory authority.

Details of the Right to Object

Where personal data is processed in the public interest, in the exercise of official authority or for the protection of legitimate interests, the user may object by providing reasons arising from their particular situation. Users may also object at any time, free of charge and without giving reasons, to processing for direct marketing purposes; in that case, the data will no longer be processed for direct marketing.

Exercising Rights

Requests to exercise users’ rights may be directed to the provider using the contact details provided in this document. Requests are free of charge and will be answered as early as possible, and no later than within one month. The provider will inform recipients – where such recipients exist – of any rectification, erasure or restriction, unless this proves impossible or involves disproportionate effort. Upon request, the provider will inform the user about those recipients.

Legal Action

Personal data may be processed by the provider for the purposes of legal enforcement within or in preparation for judicial proceedings where this application or the related services have not been used properly. Users acknowledge that authorities may require the provider to disclose personal data.

System Logs and Maintenance

This application and/or third-party services may collect files that record interactions (system logs) for operational and maintenance purposes, or use other personal data (e.g. IP address) for these purposes.

Information Not Contained in This Privacy Policy

Further information about the collection or processing of personal data may be requested from the provider at any time using the contact details provided.

Do Not Track

This application does not support “Do Not Track” requests from web browsers. To determine whether any integrated third-party services support the Do Not Track protocol, users should consult the privacy policy of the respective service.

Changes to This Privacy Policy

The provider may change this Privacy Policy at any time by informing users on this page and – where technically and legally feasible – also through the application and/or by notice (if contact details are available). Users are asked to check the date of the last change at the bottom of the page. Where changes affect processing based on consent, new consent will be obtained where required.

Definitions

For better understanding, the following terms, among others, apply:

  • Personal Data: Information that can directly or indirectly identify a natural person.
  • Usage Data: Data collected automatically (e.g. IP address, URI, time of request, response status, browser/OS information, duration of use, click paths, device/IT environment).
  • User: The person using this application.
  • Data Subject: The person to whom personal data relates.
  • Processor: The entity processing personal data on behalf of the controller.
  • Controller/Provider: The entity deciding on the purposes and means of processing.
  • This Application: The hardware/software tool through which data is collected and processed.
  • Service: The service offered by this application.
  • EU/EEA: European Union and European Economic Area, unless otherwise stated.
  • Cookie: A tracker in the form of a small data record stored in the browser.
  • Tracker: Technologies used for tracking (e.g. cookies, unique identifiers, web beacons, fingerprinting).

Legal Notice

This Privacy Policy was created on the basis of various laws, including Articles 13/14 of Regulation (EU) 2016/679 (GDPR), and relates exclusively to this application unless otherwise stated.