1. Who are we?
1.1. We are tinyworker UG (haftungbeschränkt) (“tinyworker“). You can reach us under the following contact data:
1.2. tinyworker is a “data controller” as defined by the applicable data privacy regulations. This means that we are responsible for deciding how to store and use your personal data.
1.3. This policy notifies you how we process personal data that we collect from you or that you give us.
1.4. This policy pertains to data collected about you when you use our website and our mobile applications (called “website” and “mobile apps” hereinafter).
2. What data do we collect?
2.1. We collect the following data in connection with your use of our website and the mobile apps:
2.1.1. Details about contact with our support team and the data you provide in this context (e.g. contact data);
2.1.2. Details about your visits to our website and use of the mobile apps (e.g. location data, weblogs, other communication data and resources you use);
2.1.3. Information about your use of our information and communications systems;
2.1.4. Browser information and online identifiers (such as your browser types, your browser version, your host operating system, your browser language and your IP address);
2.1.5. Information about your visit to the websites and use of the mobile apps (such as URLs, clickstream to, on, and away from our website, page reaction times, download errors, duration of visits to particular pages, information about interaction between pages (such as scrolling, clicks, and mouse movements) and methods of leaving the page);
2.1.6. Aggregated information (such as aggregated data traffic information that is collected during your visit to the websites and use of the mobile apps).
2.2. If you have consented to receiving a newsletter:
2.2.1. The email address you provided.
2.3. We do not knowingly collect personal information of children (i.e. individuals under 18 years old) in connection with visits to our website and use of our mobile apps. If it is brought to our attention that we have received data from individuals under 18 years old, we will make appropriate efforts to remove it from our records.
3. For what purposes do we process your data?
3.1. We process the data listed in number 2.1 for the following purposes:
3.1.1. To ensure a smooth connection to the website and running of the mobile apps;
3.1.2. To ensure comfortable use of our website and the mobile apps;
3.1.3. To evaluate system security and stability;
3.1.4. To process your support requests;
3.1.5. For other administrative purposes.
3.2. We only process the data listed in number 2.2 for marketing purposes to provide you with information about our products and services in a newsletter, if you have given us your permission to do this. You have the right to revoke consent to the use of your data for marketing purposes at any time with effect for the future. Please contact firstname.lastname@example.org by email to do this.
4. On what legal basis do we process your data?
4.1. The legal basis for the processing described in numbers 3.1 arises from our legitimate business interest pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR.
4.2. The legal basis for the processing described in numbers 3.2 arises from your consent pursuant to Art. 6 (1), sentence 1, point (a) of the GDPR.
5. Transmission of your data
5.1. Subject to explicit regulations otherwise in this policy, your data is only transmitted to third parties if
5.1.1. We have received your explicit consent to this pursuant to Art. 6 (1), sentence 1, point (a) of the GDPR;
5.1.2. The transmission is necessary pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR to establish, exercise, or defend legal claims and there is no reason to assume that you have a prevailing protected interest in non-transmission of your data;
5.1.3. If a statutory obligation exists in regard to the transmission pursuant to Art. 6 (1), sentence 1, point (c) of the GDPR; and
5.1.4. This is legally permissible and is required to process contractual relationships with you pursuant to Art. 6 (1), sentence 1, point (b) of the GDPR GDPR.
5.2. If you have consented to receive newsletters, your email address will be transmitted to service providers of Fox & Sheep that support us technically in sending our newsletters. Such transmission takes place solely within the framework of a contract data processing agreement under which we have authority to issue instructions in regard to the affected data. If the service provider’s registered office is outside the EU or the EEA, we ensure a level of data privacy that complies with applicable data privacy regulations.
5.3. If you click on an affiliate link on our website or in our mobile apps, the relevant vendor of the shop only receives from us the information that the click came from our website or our mobile app.
6. Links to other websites
6.1. The website and our mobile apps may contain links to third-party websites. If you follow a link to such a website, please note that your use of such a website is subject to the data privacy conditions of said website and that we assume no responsibility or liability for your use of such a website. Please read the data privacy conditions of this third-party website before transmitting personal data to such a website.
7. Storage and deletion of your data
7.1. We only store your personal data as long as necessary to fulfill the purposes for which we collected it, including to fulfill legal, accounting, or reporting obligations.
7.2. In some cases, we may anonymize your personal data so that it can no longer be linked to you; in such a case, we may use this data without further notifying you.
9. Analytical tools
9.1. Tracking tools
The tracking measures listed below and used by us are implemented based on Art. 6 (1), sentence 1, point (f) of the GDPR. The tracking measures used are intended to ensure needs-based design and continuous optimization of our website or our mobile apps. We also use tracking measures to record statistics about the use of our website or mobile apps and analyze them in order to optimize our offer for you. These interests are legitimate as defined by the regulation cited above. The particular data processing aims and data categories can be found in the corresponding tracking tools.
9.1.1. Google Analytics
For purposes of needs-based design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.com/intl/de/analytics/ ) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google“). Pseudonymized use profiles are generated and cookies (see number 4) are used in this context. The information about your use of our website or our mobile apps generated by the cookie, such as
You can prevent cookies from being installed by disabling the corresponding setting in your browser software; however, we advise that in this case the full functionally of our website may not be able to be used. You can also prevent the collection of the data generated by the cookie about your use of our website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de ). As an alternative to the browser add-on, especially for browsers on mobile end devices, you can also prevent collection by Google Analytics by clicking on this link. An opt-out cookie is placed that prevents the future collection of your data when visiting our website. The opt-out cookie is only active in this browser and only for our website and is stored on your device. If you delete cookies on this browser, you must replace the opt-out cookie. You can find further information about data privacy in relation to Google Analytics in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de ).
9.1.2. Google Adwords conversion
We also use Google conversion tracking to record statistics about the use of our website or our mobile apps and analyze them in order to optimize our website or our mobile apps for you. Google Adwords places a cookie (see number 8) on your computer if you arrived at our website through a Google ad on our website or our mobile apps. These cookies expire after 30 days and do not act as personal identification. If the user visits certain pages on the website or mobile apps of the Adwords customer and the cookie has not yet expired, Google and the customer can detect that the user clicked on the ad and was forwarded to this page. Data privacy authorities require a contract data processing agreement to be concluded for lawful use of Google Analytics. Google offers a template at http://www.google.com/analytics/terms/de.pdf. Every Adwords customer receives a different cookie. Cookies therefore cannot be traced through the websites or mobile apps of Adwords customers. The information obtained using conversion cookies helps create conversion statistics for Adwords customers that have chosen to use conversation tracking. Adwords customers learn the total number of users who have clicked on their ad and been forwarded to a website or mobile app that has a conversion tracking tag. However, they do not receive any information that could personally identify users. If you don’t want to participate in tracking, you can also refuse placement of a cookie required for this, for example using a browser setting that deactivates automatic placement of cookies in general. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked. You can find Google’s data privacy notice about conversion tracking here (https://services.google.com/sitestats/de.html).
9.1.4. Facebook Analytics for Apps (Facebook Inc.)
We use Facebook Analytics for Apps for analysis and statistical evaluation of the use of our apps. We can use the statistics we obtain to improve our services and to make our apps for you as a user more interesting. For the cases, in which personal data is transferred to the USA, Facebook uses standard data protection clauses adopted by the European Commission. Furthermore, the transfer of data from the EEA to the United States and other countries can be based on adequacy decisions of the European Commission. For further information please click https://www.facebook.com/about/privacy/.
9.1.5. Fabric Answers (Google Inc.)
Fabric Answers is an analytics service provided by Crashlytics, a business division of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google“) (“Crashlytics“). In order to understand Google’s use of data, please consult Google’s partner policy under (https://policies.google.com/privacy).
10. Social Media Plug-Ins
10.1. On the basis of Art. 6 (1), sentence 1, point (f) of the GDPR, we place social media plug-ins of the social networks Facebook, Twitter, and Instagram on our website or our mobile apps to raise our company’s profile through them. The advertising purpose behind this is considered a legitimate interest as defined by the GDPR. Responsibility for operation that complies with data privacy must be guaranteed by the respective providers. We incorporate these plug-ins using the so-called two-click method to protect users of our website or our mobile apps as well as we can.
SuperAwesome is a COPPA compliant advertising network that provides contextual advertising and does not collect identifiers to track users. We use the SuperAwesome Development Kits in some of our apps, which are provided by SuperAwesome Trading Limited, a private limited company incorporated in England (Company Number: 09769338), having its registered office at 22 Long Acre, London, WC2E 9LY (“SuperAwesome“). If you view one of the ads within our apps a hashed ID is created from your IDFA in combination with a randomized ID and non-personal information collected via your device. This hashed ID is also used for the purpose of ad frequency capping. If you as user have limited ad tracking through your device, then a hashed ID will not be created from this technical information and you may see certain ads more repetitively since there would be no ad frequency capping enabled.
Information that is collected through our apps by SuperAwesome in this regard will only be available to SuperAwesome as well as Fox & Sheep and is not shared with any third party. You can find further information about this under https://www.superawesome.com/privacy-hub/awesomeads-privacy-policy/
12.2. Facebook Ads conversion tracking (Facebook, Inc.)
We use Facebook Ads conversion tracking for analysis and statistical evaluation of the use of our apps. We can use the statistics we obtain to improve our services and to make our apps for you as a user more interesting. For the cases, in which personal data is transferred to the USA, Facebook uses standard data protection clauses adopted by the European Commission. Furthermore, the transfer of data from the EEA to the United States and other countries can be based on adequacy decisions of the European Commission. For further information please click https://www.facebook.com/about/privacy/.
13. Your rights
You have the right:
13.1. Under Art. 15 GDPR, to request information about your personal data that we process. In particular, you can request information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which it will be stored, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your information if it was not collected from us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details;
13.2. Under Art. 16 of the GDPR, to request the rectification of inaccurate or completion of the personal data stored by us without undue delay;
13.3. Under Art. 17 of the GDPR, to request erasure of personal data stored by us unless the processing is necessary to exercise the right to free expression and information, to comply with a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims;
13.4. Under Art. 18 of the GDPR, to request the restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you oppose erasure, and we no longer need the data, but you need it to establish, exercise, or defend legal claims or you have objected to processing under Art. 21 of the GDPR;
13.5. Under Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
13.6. Under Art. 7 (3) of the GDPR, to revoke at any time the consent you granted to us. The consequence of this is that we may in future no longer continue the data processing based on this consent and
13.7. Under Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can do this with the supervisory authority of your habitual residence or place of work or our corporate headquarters.
14. Right to object
Insofar as your personal data is processed based on legitimate interests pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR, you have the right under Art. 21 of the GDPR to object to the processing of your personal data if there are grounds that arise from your particular situation or the objection is to direct marketing. In the latter case, you have a general right to object that we will implement without requiring any particular situation. If you wish to make use of your right to revoke consent or to object, an email to email@example.com suffices.
15. Data security
We make use of appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, full or partial loss or destruction, and unauthorized access by third parties. Our security measures are continuously being improved as technology develops.