Privacy Policy

Below we will inform you in detail about the type, scope and purpose of the personal data we collect, use and process and explain the rights to which you as the data subject are entitled.

We reserve the right to change the data protection declaration at any time with effect for the future. If you visit our app again, the updated and published data protection declaration applies. The current version of the data protection declaration can be accessed, saved and printed out in our app at any time.

With regard to the terms used (e.g. personal data, person responsible), we refer to the definitions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the other data protection regulations.

Name and address of the person responsible

The person responsible within the meaning of the European Union (EU) General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Nodety GmbH, Leopoldstr. 175, 80804 Munich, Germany, info@nodety.com, www.nodety.com

General information on data processing

Scope of processing

In principle, we only collect and use personal data to the extent that this is necessary to provide a functional app and our content and services, you have given your consent or the processing of the data is permitted by law.

Legal basis for processing personal data

Insofar as we obtain your consent for the processing of personal data, art. 6 para. 1 s. 1 lit. a GDPR as the legal basis for the processing of personal data.

When processing personal data that is required to fulfill a contract to which you are a party, art. 6 para. 1 s. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, art. 6 para. 1 s. 1 lit. c GDPR as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if your interests, fundamental rights and fundamental freedoms do not outweigh the former interest, art. 6 para. 1 s. 1 lit. f GDPR as the legal basis for processing.

Legitimate interests in processing

Is the processing of your personal data based on art. 6 para. 1 s. 1 lit. f GDPR, unless otherwise stated, our legitimate interest is the performance of our business activities. In addition, we have indicated our purposes and interests within the scope of the above list of processing.

Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies or you revoke your consent. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. If the purpose of storage no longer applies, if you revoke your consent or if a storage period prescribed by the European directive and regulation authority or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Recipients of the collected data / data transmission

The recipients of the data collected via our app are primarily us as the responsible company. In addition, processors (web hosts, IT service providers, etc.) may have access to the data collected via our app. However, compliance with the legal regulations is guaranteed in this respect by order processing contracts that we conclude with our EU-based processors. Data is only transferred to so -called third countries outside the EU if and to the extent that this is indicated below.

Data transfer and processing in third countries

We only transfer data to a third country, i.e. to a country outside the EU and the European Economic Area (EEA), or have data about the use of third-party services processed in a third country, provided that it is a third country with a recognized level of data protection, we have concluded a so-called standard contractual clause or certifications or binding internal data protection regulations exist.

Data processing when downloading and using our app

As soon as you download and use our app, it is mandatory to provide personal data in order to carry out your contract with us.

Existence of automated decision-making

We do not carry out any automatic decision-making or profiling within the meaning of art. 22 GDPR.

Data security

We secure our app and other systems through comprehensive technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement to ensure they are state-of-the-art.

Use of Cookies and Tracking Technologies

Cookies and Similar Technologies: We use cookies and similar tracking technologies to track the activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags, and scripts to collect and track information and to improve and analyze our service.

Google Analytics: Our website uses Google Analytics, a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt out of having made your activity on the service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Google Tag Manager: Google Tag Manager is a tag management system that allows us to quickly and easily update tags and code snippets on our website, including those intended for traffic analysis and marketing optimization. Tags are small code elements that, among other things, are used to measure traffic and visitor behavior, to understand the effect of online advertising and social channels, to set up remarketing and orientation towards target groups, and to test and optimize websites. Google Tag Manager itself (which implements the tags) does not collect any personally identifiable information. However, the tool triggers other tags that may, in turn, collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. For more information about Google Tag Manager, see: https://www.google.com/analytics/tag-manager/use-policy/

Your Choices Regarding Cookies: If you prefer to avoid the use of cookies on the website, first you must disable the use of cookies in your browser and then delete the cookies saved in your browser associated with this website. You may use this option for preventing the use of cookies at any time.

If you do not accept cookies, you may not be able to use some portions of our service.

Data processing when using our services

Hosting, access data in server log files

We host our app on servers from Google Cloud EMEA Limited, 0 Sir John Rogerson's Quay, D02 R296, Dublin 2, Dublin, Ireland ("Hoster").

We provide a technical infrastructure via our hoster in order to be able to offer our products and services to customers, interested parties and business partners.

When using our services, your (anonymized) IP and the duration of your visit to our app will be transmitted to our hoster.

Our hoster also automatically saves access data in so-called server log files each time our app is called up. This includes:

  • Date and time of retrieval
  • Amount of data transferred and, if applicable, name of the requested file
  • Browser used and its version
  • Operating system used
  • IP address
  • Requested URL including subpages
  • Referrer URL
  • Requesting provider

The temporary storage of the IP address by the system is necessary to enable delivery of the app to your end device. To do this, your IP address must be saved for the duration of the session.

The legal basis for the temporary storage of your data and the log files is our legitimate interest art. 6 para. 1 s. 1 lit. f GDPR.

The specified data is evaluated exclusively to ensure the permanent and trouble-free operation of our app and the security of our information technology systems. For this purpose, the above data is stored for a maximum of 7 days.

The collection of the data for the provision of the app and the storage of the data in log files is absolutely necessary for the operation of our app. There is therefore no possibility of objection.

Further information on data protection can be found in the data protection regulations of Google Cloud EMEA Limited at https://cloud.google.com/terms/cloud-privacy-notice .

Data processing when registering and using our app

You have the option to register in our app. When you create a user account or register, you are required to provide certain mandatory information in order to access and manage your user account ("Required Information"). Mandatory information during registration is marked with an asterisk and is required for the conclusion of the user contract. Which data is collected can be seen from the respective input forms. As part of the registration, these are:

  • Your email address

    If you do not provide this information, you will not be able to create a user account.

    We use the data you provide to authenticate you when you log in, to verify your authorization to manage the user account, to enforce the terms of use of the app and all associated rights and obligations, and to contact you to provide you with technical or legal information To be able to send notices, updates, security notifications or other messages relating to the administration of the user account.

    We also store your IP address and the date and time of registration in order to prevent misuse of our app and the services offered on it and to investigate any criminal offenses that may have been committed. The storage of this data is therefore necessary for our own security. The legal basis for the processing of your personal data is art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest in data processing also lies in the aforementioned purposes.

    When you book a package with us, we collect and process the following data from you as part of the billing process:

  • Your name
  • Your billing address

    We use your data to bill you for our services.

If you use our app, we also collect and process the following data from you as part of the provision of services:

  • Device data (e.g. operating system)

    We use your data to provide our services to you.

    We also use your time zone and geoloaction (location data) to be able to show you the license terms that apply to you.

We only use the data you have provided to process the contract and provide our services to be provided under the contract. We can also pass on your data to one or more processors who also use your data exclusively for internal use on our behalf. The processors we use can be found in this data protection declaration.

The legal basis for the processing of your personal data is the fulfillment of our contract with you in accordance with art. 6 para. 1 s. 1 lit. b GDPR.

After the contract has been fully processed, your data will initially be blocked for further use and deleted after the statutory retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, which is permitted by law and about which we inform you below.

You have the option to object to the processing at any time and to delete your account. In such a case, the contractual relationship with you cannot be continued

Login through Google Cloud Identity, using a token

Login to our app is via an authentication token. After your initial registration, you will receive an e-mail containing a link. When you click on the link, a token is generated and stored on your device. The token is assigned to your user account, which automatically logs you in and gives you access to our app. The token and the authentication is provided by the Google Cloud Identity service.

Google Cloud Identity is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

For more information about Google Cloud Identity, see Google's privacy policy at https://policies.google.com/privacy .

The token has a limited term and must be regenerated after the term has expired. Otherwise, the same regulations on revocation and deletion periods apply as for registration via our app in accordance with the section above.

Firebase

We use the Google Firebase developer platform for our app , a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA . Firebase partially transmits data to the USA.

Google Firebase is a platform for developers of apps for mobile devices and websites. Google Firebase offers a variety of features that are presented on the following overview page: https://firebase.google.com/products/

We use several features of Firebase in our apps :

Firebase Analytics uses methods that enable an analysis of your use of the respective app, in particular which functions and notes of the app you access, when you open the app for the first time, uninstall or update the app.

Firebase and the personal data of users processed by means of Firebase can be used together with other Google services, such as Google Analytics and Google Marketing Services. In this case, device-related information is also processed in order to identify mobile devices and the user.

The legal basis for the processing of personal data is art. 6 para. 1 s. 1 lit. a GDPR.

You can give your consent via our app and revoke it in the settings at any time with effect for the future.

You can object to the use of interest-based advertising by Google marketing services by adjusting the marketing settings provided by Google: https://adssettings.google.com/

Further information on data protection can be found in Google's data protection declaration at https://policies.google.com/privacy .

Sentry

In our app we use Sentry, an error management tool from Sentry Inc., 45 Fremont Street, 8th Floor San Francisco, CA 94105, USA ("Sentry").

With the help of Sentry we can improve the technical stability of our app by monitoring system stability and identifying code errors. For this purpose, we collect and store data via Sentry that is created from pseudonymised usage profiles, in particular internal logs of the app that occur during your use. These serve exclusively to be able to immediately identify and correct errors in the app. The legal basis for the processing of your personal data is art. 6 para. 1 sec. 1 lit f GDPR. Our legitimate interest lies in the technically error-free and optimized provision of our app.

Further information on data protection can be found in Sentry's notes and data protection declaration at https://sentry.io/privacy/

Personalized tips, hints and offers

With our app we can show you helpful tips and information as well as offers based on your personal usage behavior. If you have agreed to the collection of your movement and usage data within our app, in particular with regard to the Notes, we derive the personalized tips, information and offers from this and show you these to improve the use of our app.

The legal basis for the processing of personal data is art. 6 para. 1 s. 1 lit. a GDPR.

You can give your consent via our app and revoke it in the settings at any time with effect for the future.

The data will not be passed on to third parties, but processed by us. Other data from your user account or other personal data will not be collected for the provision of personalized tips, advice and offers.

Social media

In addition to this app, we also maintain presences in various social networks. If you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to storing the data you have specifically entered in this social network, other information will also be processed by the provider of the social network. As a rule, your data is processed for market research and advertising purposes, among other things to create corresponding user profiles and to show you personalized advertising. For this purpose, the provider of the social network usually stores cookies on your end device, in which your usage behavior and your interests are stored. In addition, the provider of the social network may process the most important data of the computer system from which you visit it - for example your IP address, the processor type used and browser version including plugins.

If you are logged in with your personal user account of the respective network while visiting such a network, this network can assign the visit to your account. If you do not want such an assignment, you must log out of your account and delete the cookies before visiting our social media presence.

If you have given your consent to the processing to the respective provider of the social network, the legal basis for the processing of your personal data is art. 6 para. 1 s. 1 lit. a GDPR.

We maintain presences in the respective social networks in order to be able to communicate with you there and inform you about our services. This is also our legitimate interest in the processing of your personal data according to art. 6 para. 1 s. 1 lit. f GDPR.

Further information on the purpose and scope of the data collection as well as on the further processing and use of your data and the possibility of opting out can be found in the data protection regulations of the respective network:

Instagram

Instagram is powered by the Meta platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland .

Privacy Policy: http://instagram.com/about/legal/privacy/

YouTube

Youtube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Privacy Policy: https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

Integration of Google Fonts

Our app uses so-called fonts to display the text. This will Provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), a Subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

When you use text related functionality our app, the app loads the required font.

The provision of Google Fonts is necessary so that a visually improved display of the texts can be displayed within the app. If you prevent access to the Google servers, the text will be displayed in the system's default font.

The legal basis for processing Of their personal Data is art. 6 para. 1 s. 1 lit. f GDPR.

Further information on data protection can be found in Google's notes and data protection declaration at www.google.com/fonts#AboutPlace:about or www.google.com/policies/privacy/ .

Email and contact form

In our app we provide an email address and a contact form. If you contact us by e-mail or via our contact form, the personal data you provide will be saved automatically. The other personal data processed while contacting us serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of the data that is transmitted in the course of sending an e-mail or a contact request is art. 6 para. 1 s. 1 lit. f GDPR. If contact is aimed at concluding a contract, the additional legal basis for processing is art. 6 para. 1 Sentence 1 lit. b GDPR.

We only use the personal data you provide to process your specific request. The data provided will always be treated confidentially.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

Payment service provider

We use the external payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland ("Payment Service Provider") to process payments.

You transmit your inventory data to the payment service provider via the input form, such as first name, last name, address, date of birth, e-mail address, IP address, telephone number, mobile phone number and your bank details, insofar as they are necessary for payment processing, such as account numbers, credit card numbers, passwords, TANs, verification numbers, validity date and CVC code. In order to process the payment, data related to your respective booking, such as prices and taxes or information on previous ordering behavior, is also transmitted to the payment service provider.

The transmission of the data is intended exclusively for payment processing. The legal basis for the transmission of the data to the payment service provider is therefore art. 6 Para . 1 s. 1 lit. b. DSGVO, provided that the payment serves to fulfill a contract. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with art. 6 para. 1 s. 1 lit. f. GDPR in order to offer you effective and secure payment options. If you already have a separate contractual relationship with the payment service provider, the payment service provider acts as the person responsible and not as our processor.

We do not have access to the data entered, these are processed and stored exclusively by the payment service provider. We only receive information about whether the payment was successful or not.

The payment service provider may transfer your data to credit agencies for identity and credit checks and for fraud prevention.

The terms and conditions of the payment service provider apply to the payment transactions. Further information on data protection can be found in the data protection declaration of our payment service provider at https://stripe.com/de/privacy-center/legal .

Data Storage and Caching

Storage on Our Servers

When you use the Nodety web application, the corresponding projects are stored on our secured servers. This allows us to provide features such as backup, access from multiple devices, and sharing capabilities, ensuring you have a seamless experience across our platform.

Local Caching on Your Device

For improved performance and faster access times, Nodety may also cache a copy or portions of your projects on your device's local storage, such as browser local storage, IndexedDB or using File System API. This means that when you revisit our web application, certain data can be quickly loaded without requiring a fresh download from our servers.

Security of Cached Data

Although the cached data is stored locally on your device, we implement a range of security measures to protect it. However, if you are using a shared or public computer, we recommend logging out after each session to ensure your data is not accessible to others.

Changes to this Section

We may update our data storage and caching practices to improve user experience or for other operational reasons. Any significant changes that affect how your projects are stored will be communicated to you in advance, and you'll always have a choice in how your data is managed.

Data subject rights

If your personal data is processed, you as the data subject within the meaning of the GDPR have the following rights in particular:

Right to information (Article 15 GDPR)

You have the right to request confirmation as to whether we are processing data relating to you. You also have the right to receive information from us free of charge at any time about the personal data stored about you and a copy of this data in accordance with the legal requirements.

Right to rectification (Article 16 GDPR)

You have the right to request the immediate correction and/or completion of incorrect or incomplete personal data concerning you. We have to make the correction immediately.

Right to restriction of processing (Article 18 GDPR)

You have the right to demand that we restrict processing if one of the legal requirements is met.

Right to erasure (Article 17 GDPR)

You have the right to demand that the personal data concerning you be deleted immediately if one of the legal reasons applies and if the processing is not necessary.

Right to information

If you have asserted the right to correction, deletion or restriction of processing against us, we are obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

Right to data portability (Article 20 GDPR)

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements. You also have the right to transmit this data to another person responsible without hindrance from us in accordance with the legal requirements. Furthermore, in accordance with the legal requirements, you have the right to have the personal data transmitted directly from us to another person responsible, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not impaired.

Right to object (Article 21 GDPR)

You have the right, for reasons that arise from your particular situation, at any time against the processing of personal data concerning you, which is based on art. 6 para. 1 s. 1 lit. e or f GDPR to file an objection. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can contact us at any time to exercise your right to object.

Right to withdraw consent

You have the right to withdraw your consent to the processing of personal data at any time. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.