Privacy policy

Data Protection Statement

Drunr takes the protection of your personal data seriously. Below you will find more information concerning the scope and purpose of collecting data

Principle of anonymous data use

When you access our website or apps, some information, such as your IP address, is transferred. You also provide information about the geographic location of your device. We cannot use this data to identify an individual user.

Collection and processing of personal data

We only collect personal data to set up an account for using our apps. We use the personal data you provide only to the extent necessary for rendering or processing our services. We store your data only as long as necessary to achieve the intended purpose, until you delete your account, or as required by legal retention periods. Your data is subsequently deleted by legal requirements or processing is restricted. The collection of data for website provision and the storage of data in log files is imperative for website operation. Consequently, users may not object to this.

Registering for an Account

Using our login system, you can create an account for yourself that you can use to log in to access the services in our apps. In the process, we use cookies—small files—on your browser to identify you. We will request the following data during registration (some of which is required).

Data

Purpose of processing

Legal basis of processing

Storage period

First name
Direct address & presentation
Performing the contractual relationship
Up to 30 days after deletion of the customer account
Last name
Customer account identification
Performing the contractual relationship
Up to 30 days after deletion of the customer account
Email address
Direct address & presentation
Performing the contractual relationship
Up to 30 days after deletion of the customer account
Password
Direct address & presentation
Performing the contractual relationship
Up to 30 days after deletion of the customer account
IP address at login
Data transfer at registration to web server
Performing the contractual relationship
Indefinite
Profile photo*
Direct address & presentation
Consent
Indefinite

Registering with Facebook or Google

We also offer you the opportunity to create your account using your Facebook or Google account or to link your account to your Facebook or Google account. You can register or log in using your Facebook or Google account by selecting Facebook or Google during registration. You will then be forwarded to Facebook or Google (where you must be logged in or register for an account) and receive an explanation of what types of data we need from Facebook or Google, namely your public profile information such as first and last name and the email address associated with your account. This information is required for identification purposes to create a secure account for you. Your Facebook or Google account and your account with us will be permanently linked using your email address. As soon as you log in to Facebook or Google, you can log in to your account with us. We will not share any information about you with Facebook or Google without your consent. Important: We do not record your Facebook or Google login data and cannot post anything to your Facebook or Google profile without your explicit consent. You can learn how Facebook handles privacy settings using Facebook's privacy policy here and terms of use here. These also include the applicable conditions for the previously specified option of logging in and registering with us. You can learn how Google handles privacy settings using Google's privacy policy here and terms of use here. These also include the applicable conditions for the previously specified option of logging in and registering with us.

Data

Purpose of processing

Legal basis of processing

Storage period

Platform

First name
Direct address & presentation
Performing the contractual relationship
Up to 30 days after deletion of the customer account
Facebook/ Google
Last name
Direct address & presentation
Performing the contractual relationship
Up to 30 days after deletion of the customer account
Facebook/ Google
Email Address
Direct address & presentation
Performing the contractual relationship
Up to 30 days after deletion of the customer account
Facebook/ Google
Password
Direct address & presentation
Performing the contractual relationship
Up to 30 days after deletion of the customer account
Facebook/ Google
IP address at login
Data transfer at registration to web server
Performing the contractual relationship
Indefinite
Facebook/ Google

Access rights

We require these access options and permissions to ensure the proper functioning of our app and to provide its services. We will request the following permissions for the purposes described below:

Permission

Purpose

Camera
Taking photos for profile/feed
Photo library
Selection of photos for profile/feed
Delivery of push notifications
Receipt of push notifications
Mobile data/WLAN (granted by the operating system)
Use of Internet and downloading of new content

Push notifications as part of the user experience

We require your consent if you wish to receive our push notifications on your mobile iOS device even if the app is not open. Our app only uses push notifications if you have given your explicit consent to these. You can disable push notifications in settings at any time. If you use an Android device, push notifications are permitted automatically unless you disable this in your settings.

Name of provider

Provider type

Data transfer to third party country

Third party country

Guarantees in acc. with Art. 44 ff GDPR

Google Firebase
Order processor
Yes
USA
EU standard contractual clauses EU/US Privacy Shield/Google

Data

Purpose of processing

Legal basis of processing

Storage period

User data that are also accessible in your public profile
Direct approach
Consent
Until revocation of consent

Google Marketing Services

On our apps we use the marketing and re-marketing services of Google Admob, which allows us to display advertisements in a more targeted manner in order to present advertisements of interest to users.In integrating with Google’s ad services, we share certain information with Google, such as the name of the app and a unique identifier for advertising.Google uses the information shared by apps to deliver their services, maintain and improve them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads you see on Google and on our apps.You can find more information about how Google process data, you can visit their Privacy Policy https://policies.google.com/privacy, and for more information about how your information is specifically used for advertising, you can visit Google’s advertising page https://policies.google.com/technologies/ads.

Facebook Marketing Services

We use the “visitor action pixels” from Facebook Inc. (Menlo Park, California) on our website so that user behavior can be tracked after users have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
We also use Facebook’s Software Development Kit (SDK) within our apps, in order to link various Facebook services with our apps. For example, this enables users to be able to use the Facebook SDK to share content from our apps within their Facebook timeline or to send messages to other Facebook users. Further information about the Facebook SDK within iOS can be found here: https://developers.facebook.com/docs/ios. For Android, please refer to: https://developers.facebook.com/docs/android. Facebook App Events: We use the Facebook App Events service though the Facebook SDK to track the reach of our advertising campaigns and the use of the Facebook SDK. Facebook merely provides us with an aggregated analysis of user behavior with our app. We have no influence beyond that on the information that will be processed through App Events by Facebook. In our app settings, you can opt out of using App Events for these purposes.
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter b and f GDPR. If you do not wish to be tracked by Facebook in the future, you can opt out at any time by writing an email to support@drunr.com.

Facebook Custom Audience

As part of usage-based online advertising, the Custom Audience product from Facebook (Facebook Custom Audience 1601 S. California Avenue, Palo Alto, CA, 94304) is also used on the website. Generally speaking, a non-reversible and non-personal checksum (hash value) is generated from your usage data which can be sent to Facebook for analysis and marketing purposes. In doing so, a tracking pixel from Facebook is set on our website. This collects information on your activity on the website (such as surfing behavior, subpages visited, etc.). Your IP address is stored and used to direct geographically-based advertising.
You have the option of objecting to targeting by Facebook using the link (https://www.facebook.com/ads/website_custom_audiences).
You can learn more about the purpose and scope of data collection and further processing and utilization of data, as well as privacy settings, using the Facebook's privacy policy (https://www.facebook.com/policy.php).

Firebase by Google

We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in order to derive application behavioral analytics. We use that information to see how users interact with our website and app.
Firebase is part of the Google Cloud Platform and offers numerous services for developers. A list can be found here: https://firebase.google.com/terms/. Some Firebase services process personal data. In most cases, the personal data is limited to so-called "instance IDs", which are provided with a time stamp. These "Instance IDs" assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not represent personally identifiable information for us, nor do we make any efforts to personalize it subsequently. We process these aggregated data to analyze and optimize usage behavior, for example by evaluating crash reports.
Currently, we use the following Firebase services:
Google Analytics for Firebase: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. You can find more information via this link: https://support.google.com/firebase/answer/6318039. Google Analytics retains ID-associated data for 60 days, and retains aggregate reporting and campaign data without automatic expiration, unless the Firebase customer changes their retention preference in their Analytics settings or deletes their project. For Analytics for Firebase, Google uses not only the "Instance ID" described above, but also the advertising ID of the end device. You can restrict the use of the advertising ID in the device settings of your mobile device. For Android: Settings > Google > Ads > Reset Ad ID For iOS: Settings > Privacy > Advertising > No ad tracking
Firebase Remote Config: Remote Config uses Instance IDs to select configuration values to return to end-user devices. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.
Firebase Dynamic Links: Dynamic Links uses device specs on iOS to open newly-installed apps to a specific page or context. Dynamic Links only stores device specs temporarily, to provide the service.
Firebase Cloud Messaging: Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymized push reference is assigned to the mobile device, which serves as a target for the push messages or in-app messages. The push messages can be deactivated and reactivated at any time in the settings of the mobile device. Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.
Firebase will use this information on our behalf for the above mentioned reasons.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation http://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Transfer of data to third parties

We only pass your personal data on to third parties if:
  • You Have Given Your Explicit Consent To This,
  • Forwarding Data Is Necessary For The Assertion, Exercise Or Defense Of Legal Claims And There Is No Reason To Assume You Have An Overriding Legitimate Interest In Your Data Not Being Passed On,
  • In The Event That We Have A Legal Obligation To Forward Data, And
  • This Is Legally Permissible And Required For The Performance Of The Contractual Relationship With You
In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means the EU Commission has not yet decided that the level of data protection in the respective country corresponds to the level of protection in the European Union based on the GDPR. Consequently, we have put the appropriate guarantees referred to above in place. Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:

  • Your Personal Data Could Be Processed Over And Above The Intended Purpose.
  • Moreover, There Is A Possibility That You May Not Be Able To Exercise Your Rights In Relation To Data Protection, For Example Your Right Of Access, To Rectification, Erasure Or Data Portability, On A Consistent Basis And Enforce These.
  • It May Also Be Highly Likely That Data Is Processed Incorrectly And In Quantitative And Qualitative Terms, The Protection Of Personal Data Fails To Meet The Requirements Of The GDPR In Full.

Your rights

Information on the rights of data subjects

Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.

Information on the option to lodge a complaint

You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.

Information on withdrawal of consent

You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Information on right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

Amendments to the Data Privacy Statement

We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.

Privacy Policy Accessibility

Our Privacy Policy is readily accessible both on our app's store listing page on the Google Play Store and within our app itself. This ensures that all users can easily find and understand our privacy practices.

Entity Reference

This Privacy Policy is issued by Company, which is the entity responsible for the app and is listed as such in our app’s Google Play Store listing.

Contact Information for Privacy Inquiries

For any inquiries or concerns regarding our privacy practices, please do not hesitate to contact us at support@drunr.com. This email address is dedicated to addressing your privacy-related questions and ensuring that your concerns are promptly addressed.

Browser Accessibility Statement

Our Privacy Policy is designed for optimal accessibility using standard web browsers, even on mobile phones, without the necessity for any special plug-ins or additional software. It is our commitment to ensure that you can easily read and understand our privacy practices.

Active URL and Non-Editable Format

You can view our Privacy Policy at any time by visiting the following URL: www.drunr.com/privacy-policy. Our policy is presented in a standard, non-editable web format to ensure the consistent communication of our privacy practices.

Consent and User Control

We are committed to obtaining explicit consent from our users before accessing their data. Our users have full control over their data, with the ability to manage their preferences directly within the app settings. Should you wish to delete your data, you can do so either directly through the app or by contacting our support team at the email provided above.

Compliance with Legal Standards

While Company does not currently adhere to any specific data protection regulations or standards, we are dedicated to upholding the principles of data privacy and security in all aspects of our app’s functionality.

Regular Policy Reviews and Updates

We do not have a specific schedule for reviewing and updating our Privacy Policy. However, we are committed to ensuring that our policy remains up-to-date and reflective of our current data practices and any relevant legal requirements.