Deine Bamberg Stadtführung

Data Privacy Statement

Valid from: 04.04.2025

Person in Authority

Name and Contact Details of the Person Responsible for Processing Data:

Dustin Eversmann, Claviusstr. 25, 96047 Bamberg (referred to as „I“).

Google Analytics 4

If you have given your consent, this app uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“).

Nature and Purpose of the Processing

Google Analytics 4 uses cookies and similar technologies to enable an analysis of your use of our app. The information collected about your use of this app is generally transferred to a Google server in the USA and stored there.

Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.

Recorded Events During Your Visit

During your app visit, your user behaviour is recorded in the form of „events“. Events can include:

  • Page views
  • First visit to the app
  • Start of session
  • Web pages visited
  • Your „click path“ and interactions within the app
  • Scrolls (when reaching the bottom of a page at 90%)
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Seen or clicked Ads

Additionally recorded data includes:

  • Approximate location (region)
  • Date and time of your visit
  • IP address (in shortened form)
  • Technical information about your browser and device (e.g., language setting, screen resolution)
  • Your internet service provider
  • Referrer URL (the source from which you arrived at this app)

Purposes of Data Processing

On behalf of the operator, Google will use this information to evaluate your pseudonymous use of the app and to compile reports on app activity. The reports provided by Google Analytics 4 serve to analyze the performance of our app and the success of our marketing campaigns.

Recipients

Recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Third Country Transfer

For the USA, the European Commission adopted an adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be ruled out, we have also concluded EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.

Retention Period

Data sent by us and linked to cookies are automatically deleted after 2 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal Basis

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 p.1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.

Withdrawal

You can withdraw your consent at any time with effect for the future by accessing the data privacy settings and changing your selection. The lawfulness of processing carried out on the basis of consent until revocation remains unaffected.

For more information on Google Analytics‘ terms of use and privacy policy, visit Google Analytics Terms of Use and Google Privacy Policy.

Mapbox Integration

Our app uses Mapbox to provide essential map and location-based services. Mapbox is a service provided by Mapbox, Inc., located at 740 15th St NW, Washington, DC 20005, USA (“Mapbox”). This integration is necessary for core functionality within the app, allowing users to view and interact with maps.

Legal Basis for Data Processing

The use of Mapbox is based on our legitimate interest in providing essential mapping functionality (Art. 6 para. 1 lit. f GDPR). Processing is limited to the minimum data necessary to provide these services.

Data Minimization and Telemetry

We have taken steps to configure Mapbox to limit data processing:

  • Telemetry Disabled: Telemetry is disabled, so no analytics data on map interactions is collected.
  • No Cookies: We have configured the app to prevent Mapbox from setting cookies in the app’s WebView, so no tracking data is stored on your device.

Types of Data Processed by Mapbox

  • IP Address: Used for delivering map content. IP addresses are processed as required and not used to personally identify users.
  • Location Data: Only processed if location access is granted on your device, for in-app map functionality. Location data is not stored in personally identifiable form.
  • Technical Information: Device type, operating system, and approximate location data (e.g., region or city) may be processed to optimize map functionality.

Third Country Transfer

Data transfers to Mapbox servers in the USA are covered by the EU-U.S. Data Privacy Framework. Mapbox is certified under this framework, and additional EU standard contractual clauses (SCCs) are in place to protect data transfers outside the EU/EEA.

User Rights

Under GDPR, you have the right to access, rectify, delete, or restrict data processing, as well as the right to object to processing based on legitimate interest. Please contact the data protection officer for assistance.

Control Over Location Data

Mapbox requires location data only if you grant permission. You can control location access in your device settings. Without location data, certain map-based features may be limited.

For more details on Mapbox’s data handling and compliance, refer to the Mapbox Privacy Policy and the EU-U.S. Data Privacy Framework.

RevenueCat Integration

Our app uses RevenueCat to manage in-app purchases. RevenueCat is a service provided by RevenueCat, Inc., 548 Market St PMB 97114, San Francisco, California 94104-5401, USA. This integration is necessary to validate and manage purchases made through the app.

Types of Data Processed by RevenueCat

RevenueCat may collect the following types of data to manage purchases:

  • Transaction Information: Details about purchases made within the app, including product IDs, prices, and transaction receipts.
  • Device Information: Platform (iOS or Android), device model, operating system version, app version, and SDK version.
  • Identifiers: RevenueCat-generated unique identifier and, if available, advertising identifiers (e.g., IDFA or Google Advertising ID).
  • IP Address: Temporarily processed for purposes such as fraud prevention and determining approximate geolocation.

Purposes of Data Processing

RevenueCat processes data to:

  • Validate and manage in-app purchases.
  • Ensure accurate purchase receipts and restore purchases if needed.
  • Prevent fraud and abuse.
  • Analyze purchase trends and app performance (aggregated and anonymized data).

Legal Basis

The legal basis for processing data via RevenueCat is the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR, as in-app purchases are a key part of the app’s functionality.

Recipients

Data processed by RevenueCat may be shared with:

  • Apple App Store or Google Play Store, depending on the platform used for the purchase.
  • RevenueCat, Inc., 548 Market St PMB 97114, San Francisco, California 94104-5401, USA.

Third Country Transfer

RevenueCat processes data on servers in the United States. RevenueCat is certified under the EU-U.S. Data Privacy Framework. Additional safeguards, such as EU standard contractual clauses, are in place to ensure an appropriate level of data protection for transfers outside the EU/EEA.

Retention Period

Transaction-related data is retained for as long as necessary to manage purchases and comply with legal obligations. Data that is no longer required is deleted or anonymized.

User Rights

Under GDPR, you have the right to access, rectify, delete, or restrict data processing related to RevenueCat. For assistance, please contact us at the address provided above.

Further Information

For more details on RevenueCat’s privacy practices, please refer to their Privacy Policy.