recross App | Privacy Policy

Hi! We are very happy about your interest in recross!

First of all: Data protection has a particularly high priority for us. Therefore, you can find out here how we process personal data, which personal data we process and how you can assert your rights as a data subject.

This Privacy Policy describes our policies and procedures for collecting, using and disclosing your data and informs you about your data protection rights and how the law protects you. The reason we use your personal information is to provide and improve our service. By using our service, you consent to the collection and use of information in accordance with this Privacy Policy.

The processing of personal data, such as the name, address, e-mail address, or telephone number, is always in line with the German Data Protection Act and in accordance with the country-specific data protection regulations applicable to recross GmbH. As the controller, the recross GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. Since we are only new on the market with our recross app, we are always trying to identify such security gaps as quickly as possible and to close them to ensure better data protection for you.

1. Who we are: data controller and company data protection officer

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

recross GmbH
Haydnstraße 2
63500 Seligenstadt
Germany

E-mail: datenschutz@recross.io
Website: www.recross.io

The company data protection officer recross GmbH can be reached at the above address for the attention of “Data Protection Officer” or at datenschutz@recross.io.

2. Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for and by You to access Our Service or portions of Our Service.

Application means the software program (mobile application = app) provided by recross GmbH with the name recross, which is downloaded by you onto any electronic device.

Company (referred to in this Privacy Policy either as “the Company”, “we”, “us”) refers to the recross App and recross GmbH, Haydnstraße 2, 63500 Seligenstadt.

Personal data is any information relating to an identified or identifiable natural person (hereinafter “you”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Covered Person (“You”) means a natural person who accesses or uses our Service, or the company or other legal entity on whose behalf such natural person accesses or uses the Service, as the case may be.

Cookies are small files placed on your computer, mobile device, or other device by a website that contain, among other things, the details of your browsing history on that website.

Device means any device that can access the Service, such as a computer, cell phone, or digital tablet.

Service refers to the mobile application (app) or the website or both.

Service Provider means any natural or legal person who processes the Data on behalf of the Company. It refers to third party companies or individuals employed by the Company to enable the Service, provide the Service on behalf of the Company, provide services related to the Service or assist the Company in analyzing the use of the Service.

Third Party Social Media Service refers to any website or social network website through which a User may sign up or create an account to use the Service.

Usage Data refers to automatically collected data generated either by the use of the Service or by the infrastructure of the Service itself (e.g., the duration of a page visit).

Website refers to the website for the mobile application of recross, accessible at recross.io

3. Types of data collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that may be used to contact or identify you. Personally identifiable information may include, but is not limited to:

E-mail address
Apple login
Google ID
IP address
Mobile number
First name and last name
Address, state, postal code, city
Gender Identity
Date of birth
Sexual orientation
Photos
Location
Bluetooth
Usage data

Usage Data

Usage data is collected automatically when you use the service.

Usage Data may include information such as your device’s IP address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, time spent on those pages, entry into our Waiting List, unique device identifiers, and other diagnostic data.

When you access our service with or through a mobile device, we may automatically collect certain information, including, but not limited to, the type of mobile device you are using, the unique ID of your mobile device, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you are using, unique device identifiers, and other diagnostic data.

We may also collect information that your browser sends when you visit our Service or when you access the Service with or through a mobile device.

Waiting List Registration

On our website, you are given the opportunity to register on our waiting list. Which personal data is transmitted to us when entering the waiting list, can be seen from the input mask used for this purpose.

We will inform you by email when our app will be launched and where and how you can download our app. You can only receive this email if (1) you have a valid email address and (2) you have signed up for the waiting list.

When you enter your name in the waiting list, we also store the IP address assigned to you by your Internet service provider (ISP) at the time of entry, as well as the date and time of entry. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later point in time and therefore serves our legal protection.

In order to be able to enter your name in our waiting list, you must agree to our privacy policy. You will be informed of this separately when you register.

Download the recross app

When downloading the recross app via an app store (e.g. Google Play Store, App Store), the necessary information is transferred to the app store operator you have selected. This information may vary from app store to app store, but may include your customer number, your e-mail address, the time of the download of the recross app, and the individual device identification number.

We are neither responsible for the data processing, nor do we have any influence on this data collection of the respective app stores. The corresponding data protection provisions and/or settings of the respective app store operators apply here.

We only process the data provided by the respective app store operator to the extent necessary for downloading the recross app to your end device.

Information collected while using the app

While using our App (Application) to provide features of our App, we may, with your prior permission, collect the following information:

Information about your location
Bluetooth information
Images and other information from your device’s camera and photo library

We use this information to provide features of our service and to improve and customize our service. The information may be uploaded to the Company’s servers and/or a service provider, or it may simply be stored on your device. You can, of course, enable or disable access to this information at any time via your device’s settings, but you may not be able to fully use all of our app’s features if you do so.

Payment Data

When you make in-app purchases and buy one of our paid premium services, this is done exclusively via external payment providers, such as Google Play and the App Store. We do not collect or use any payment data. This takes place exclusively with the payment providers. The respective terms and conditions of the payment providers apply here.

Only technical data (such as the transaction ID) is exchanged between us and the payment providers to validate the purchases. This data is stored by us either until the deletion of your account or beyond, until this data is no longer subject to tax, commercial or other legal storage obligations.

The legal foundation for this processing of personal data lies in Art. 6 I lit. b) EU-DSGVO.

Cookies and similar tracking technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. The tracking technologies we use are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. The technologies we use may include:

Cookies or browser cookies

A cookie is a small file that is placed on your device. You can instruct your browser to reject or display all cookies when a cookie is sent. However, if you do not accept cookies, you may not be able to use some parts of our service. Unless you have set your browser to reject cookies, our Service may use cookies.

Web Beacons

Certain areas of our Service and emails may contain small electronic files known as web beacons (also known as clear gifs, pixel tags, and single-pixel gifs) that allow the Company, for example, to count users who have visited those pages or opened an email, and for other related website statistics (such as recording the popularity of a particular area and verifying system and server integrity).

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your PC or mobile device when you go offline, while session cookies are deleted when you close your web browser. We use both session and persistent cookies for the purposes listed below:

Necessary / essential cookies

Type: Session cookies

Managed by: Us

Purpose: These cookies are essential to provide you with the services available through the website and to allow you to use some features. They help authenticate users and prevent fraudulent use of user accounts. Without these cookies, the services you request cannot be provided, and we only use these cookies to provide you with these services.

Cookies Policy / Notice Acceptance Cookies

Type: Persistent cookies

Managed by: Us

Purpose: These cookies identify whether users have accepted the use of cookies on the website.

Functionality cookies

Type: Persistent cookies

Managed by: Us

Purpose: These cookies allow us to remember the choices you make when using the website, such as your login information or language preference. The purpose of these cookies is to provide you with a more personalized experience and to avoid having to re-enter your preferences each time you use the website.

4. Use of your personal data

We may use personal information for the following purposes:

To provide and maintain our service, including to monitor the use of our service.

To manage your account: to manage your registration as a user of the Service. The personal data you provide may give you access to various functionalities of the Service available to you as a registered user.

For contract performance: to develop, comply with and perform the purchase contract for the products, items or services you purchase or any other contract with us through the Service.

To contact you: To contact you via email, phone calls, text messages, or other equivalent forms of electronic communication, such as push notifications from the mobile application regarding updates or informative communications related to the Functionalities, Products, or Contractual Services, including security updates, when necessary or appropriate for their implementation.

To provide you with news, special offers and general information about other goods, services and events offered by us that are similar to those you have already purchased or requested, unless you have opted out of receiving such information.
Messages that we primarily send to you in this context are SMS notifications and push notifications.
We use Google Firebase for this purpose. When you register or log out, you will be sent either an SMS code or an email to verify your identity. Only the necessary data (phone number, email address, IP address, time of registration) and not the data about your other usage behavior will be transmitted to Google Firebase.

In the case of push notifications, only the necessary data (message content, device identification number, IP address, time of request) and no other data about your other usage behavior is transmitted to Google Firebase. If you do not want to receive push notifications, you can deactivate them at any time from the app or from your device settings.

To manage your requests: To process and manage your requests to us.

For Business Transfers: We may use your information to evaluate or effect a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation or similar proceeding in which personal information held by us about our service users is one of the transferred assets.

For Other Purposes: We may use your information for other purposes, such as analyzing data, identifying usage trends, determining the effectiveness of our advertising campaigns, and evaluating and improving our service, products, services, marketing and your experience.

We may share your personal information in the following situations:

With Service Providers: We may share your personal information with service providers to monitor and analyze the use of our service and to contact you.

For Business Transfers: We may share or transfer your personal information to another company in connection with or during negotiations for a merger, sale of company assets, financing or acquisition of all or a portion of our business.

With Business Partners: We may share your information with our business partners to offer you certain products, services or promotions.

With Other Users: When you share personal information or otherwise interact with other users in the public areas, that information may be viewed by all users and may be publicly disseminated to the outside world. When you interact with other users, your contacts can see your name, profile, pictures and description of your activities and communicate with you.

5. Storage of your personal data

The Company will retain your personal information only for as long as is necessary for the purposes set forth in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (e.g., if we need to retain your information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, unless such data is used to improve the security or functionality of our Service or if we are required by law to retain such data for longer periods of time.

6. Release of your personal data

Business transactions

If the Company is involved in a merger, acquisition or asset sale, your personal information may be transferred. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.

Law enforcement

In certain circumstances, the Company may be required to disclose your personal information if required to do so by law or in response to reasonable requests from public authorities (such as a court or government agency).

Other legal requirements

Company may disclose your personal information in the good faith belief that such action is necessary to:

comply with a legal obligation
protect and defend the rights or property of the Company
Identify and prevent possible misconduct in connection with the service
Protect the personal safety of the users of the service or the public

7. Age guideline

Our service is not directed to persons under the age of 18. We do not knowingly collect personal information from persons under the age of 18. If you suspect that anyone under the age of 18 is providing us with personal information, please contact us using the contact information provided.

If we learn that a person under the age of 18 is using our service, we will remove the registration and the accompanying login information. In this context, we reserve the right to store the data (IP address, email address, user ID, phone number) of persons under 18 years of age in order to prevent circumvention of our age policy.

8. Security of your personal data

The security of your personal information is important to us, but please keep in mind that no method of transmission over the Internet or electronic storage is 100% secure. Although we strive to use commercially acceptable means to protect your personal information, we unfortunately cannot guarantee its absolute security.

9. Your rights

Right to confirmation

You have the right granted by the European Directive and Regulation to request confirmation from us as to whether the personal data in question is being processed. If you wish to exercise this right of confirmation, you can contact
us at datenschutz@recross.io at any time.

Right to information

You have the right, granted by the European Directive and Regulation Maker, to receive from us at any time, free of charge, information about the personal data stored about you and a copy of this information. Furthermore, the European Union has granted you access to the following information:

the processing purposes
the categories of personal data that are processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by us or a right to object to such processing
the existence of a right of appeal to a supervisory authority
if the personal data is not collected from you: All available information about the origin of the data
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you as a data subject

Furthermore, you have the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to receive information about the appropriate guarantees in connection with the transfer. If you would like to exercise this right to information, you can contact us at datenschutz@recross.io at any time.

Right to rectification

You have the right granted by the European Directive and Regulation to request the immediate rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing. If you wish to exercise this right of rectification, you can contact us at any time.

Right to erasure (right to be forgotten)

You have the right granted by the European Directive and Regulation to request that we erase the personal data concerning you without undue delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:

The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21(1) DS-GVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) DS-GVO.
The personal data have been processed unlawfully.
The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DS-GVO.

If one of the above reasons applies and you wish to arrange for the deletion of personal data that we have stored, you can contact us at any time at datenschutz@recross.io. We will comply with your request for deletion without delay.
If the personal data have been made public by us and our company as the controller is obliged to erase the personal data pursuant to Article 17 (1) of the Data Protection Regulation, we will take reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers which are processing the published personal data, that you have requested from them to erase all links to or copies or replications of such personal data, unless the processing is necessary. We will arrange the necessary in individual cases.

Right to restriction of processing

You have the right, granted by the European Directive and Regulation Maker, to require us to restrict processing if one of the following conditions is met:

You dispute the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data.
The processing is unlawful, you refuse the erasure of the personal data and request instead the restriction of the use of the personal data.
We no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims.
You have objected to the processing pursuant to Art. 21 (1) DS-GVO and it is not yet clear whether the legitimate reasons prevail over yours.

If one of the above conditions is met and you wish to request the restriction of personal data stored by us, you can contact us at datenschutz@recross.io at any time.

Right to data portability

You have the right granted by the European Directive and Regulation to receive the personal data concerning you, which has been provided by you to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) DS-GVO or Article 9(2)(a) DS-GVO or on a contract pursuant to Article 6(1)(b) DS-GVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to obtain that the personal data be transferred directly from us or a controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons. To assert the right to data portability, you can contact us at any time at datenschutz@recross.io.

Right to object

You have the right granted by the European Directive and Regulation to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DS-GVO. This also applies to profiling based on these provisions. We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process personal data for the purpose of direct marketing, you have the right to object at any time to processing of personal data for such marketing. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the DS-GVO, unless such processing is necessary for the performance of a task carried out in the public interest.

To execute your right to object, you can contact us directly. You are also free to execute your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Automated decisions in individual cases, including profiling

You have the right, granted by the European Directive and Regulation, not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you, unless the decision (1) is necessary for the conclusion or performance of a contract between you and us, or (2) is permitted by Union or Member State law to which we are subject and that law contains adequate measures to safeguard the rights and freedoms and legitimate interests of you, or (3) is made with your explicit consent.

If the decision is (1) necessary for the conclusion or performance of a contract between you and us or (2) made with your explicit consent, we will take reasonable steps to protect your rights and freedoms and your legitimate interests.
If you wish to exercise your rights with regard to automated decisions, you can contact us at datenschutz@recross.io at any time.

Right to revoke consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time, as granted by the European Union. If you wish to exercise your right to withdraw consent, you can contact us at any time at datenschutz@recross.io.

10. Privacy policy on the use and application of ipstack

We have integrated ipstack on our website. Ipstack is a geolocation provider that allows us to locate the location from which the request originates in real time based on the IP address. This can also assess security threats emanating from risky IP addresses. The results are delivered within milliseconds in JSON or XML format. Using the ipstack API, website visitors can be located and your user experience customized accordingly.

The operating company of the ipstack component is apilayer Data Products GmbH, Elisabethstrasse 15/5, 1010 Vienna, Austria.

Further information and the applicable privacy policy of the operator ipstack.com can be found at https://ipstack.com/privacy.

11. Privacy policy on the use and application of Plausible Analytics

We have integrated Plausible Analytics on our website. Plausible Analytics is a web analytics tool that we use to count and analyze page views on our website. The operating company is Plausible Insights OÜ Västriku tn 2, 50403, Tartu, Estonia.

Plausible Analytics does not use cookies and does not collect personal data. There are no persistent identifiers. Also no cross-site or cross-device tracking. Your data is also not used for any other purpose.

Further information and the applicable privacy policy of Plausible Analytics can be found at https://plausible.io/privacy and https://plausible.io/data-policy.

12. Privacy policy on the use and application of Google AdMob

We have integrated Google AdMob on this website and in the app. Google AdMob is an online service through which user data is used for advertising communication purposes by tracking their interaction with our content and with ads. Google AdMob relies on an algorithm that uses device-specific data, such as the model of hardware you are using, the version of the operating system, and unique device identifiers to create a pseudonymized user profile for the purpose of displaying actual or perceived interest-based advertising. The operating company of the Google AdMob component is Alphabet Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the Google AdMob component is to integrate advertisements on our services.

Google-AdMob uses device-specific data, such as the model of the hardware you are using, the version of the operating system and unique device identifiers, to create a pseudonymized user profile for the purpose of displaying actual or supposed interest-based advertising. By using our services, the device-specific data on your information technology system is automatically caused by the respective Google AdMob component to transmit data to Alphabet Inc. for the purpose of online advertising and the billing of commissions. Within the scope of this technical procedure, Alphabet Inc. obtains knowledge of personal data, such as your IP address, which Alphabet Inc. uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission calculations.

Via Google AdMob, personal data and information, which also includes the IP address and is necessary for the collection and billing of the displayed advertisements, is transferred to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Alphabet Inc. may disclose this personal data collected via the technical process to third parties.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google AdMob is explained in more detail under this link https://www.google.de/admob/.

13. Privacy policy on the use and application of Google reCAPTCHA

We have integrated Google reCAPTCHA on this website and in the app. Google reCAPTCHA is an online service that checks the data input on our services to see whether it was entered by a human or by an automated program. Google reCAPTCHA is based on an algorithm that analyzes your behavior when using our services based on various characteristics. This analysis begins automatically as soon as you use one of our services. Device-specific data, such as your IP address, the model of the hardware you use, the version of the operating system, unique device identifiers and the time spent using our services are used and evaluated. The operating company of the Google-reCAPTCHA component is Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The purpose of the Google reCAPTCHA component is to check and analyze whether the data input when using our services was made by a human or by an automated program. Within the scope of this technical procedure, Alphabet Inc. obtains knowledge of personal data, such as your IP address, the model of the hardware you are using, the version of the operating system, unique device identifiers and the time spent using our services.

The data analysis by Google reCAPTCHA runs completely in the background. You will not be informed again when using our services that an analysis by Google reCAPTCHA takes place.
Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html.
Google reCAPTCHA is explained in more detail under this link https://policies.google.com/privacy?hl=de.

14. Privacy policy on the use and application of Google Analytics

We have integrated the Google Analytics component in the app. Google Analytics is a web analysis service. Web analysis is the collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about the website from which you came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website or mobile application and for cost-benefit analysis of internet advertising. The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website and app. Google uses the data and information obtained, among other things, to evaluate the use of our services, to compile online reports for us that show the activities on our services, and to provide other services related to the use of our services.

Google Analytics sets a cookie on your information technology system. We have already explained what cookies are above. By setting the cookie, Google is enabled to analyze the use of our website. Each time you call up one of the individual pages of this website that is operated by us and on which a Google Analytics component has been integrated, the Internet browser on your information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as your IP address, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by you, is stored. Each time you use our services, this personal data, including the IP address of the Internet connection used by you, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected via the technical process with third parties.

You can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

15. Privacy policy on the use and application of Vimeo

We have integrated the Vimeo component on our services for the display of video content. Vimeo is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. Vimeo allows the publication of all types of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal. The operating company of Vimeo is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

By each call of one of the individual pages of this website, for example, which is operated by us and on which a Vimeo component has been integrated, the Internet browser on your information technology system is automatically caused by the respective Vimeo component to download a representation of the corresponding Vimeo component from Vimeo. As part of this technical process, Vimeo receives information about which specific sub-page of our website is visited by you. If you are logged in to Vimeo at the same time, Vimeo recognizes which specific subpage of our website you are visiting when you call up a subpage that contains a Vimeo video. This information is collected by Vimeo and assigned to your Vimeo account.

This information is always transmitted to Vimeo if you are logged in to Vimeo at the time of accessing our website; this takes place regardless of whether you click on a Vimeo video or not. If you do not want this information to be transmitted to Vimeo, you can prevent this transmission by logging out of your Vimeo account before accessing our website.

The privacy policy published by Vimeo, which is available at https://vimeo.com/privacy, provides information about the collection, processing and use of personal data by Vimeo.

16. Legal basis of processing

Art. 6 I lit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our premium services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of you or another natural person. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that your interests, fundamental rights and freedoms are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you, as the data subject, are a customer of ours (recital 47 sentence 2 DS-GVO).

17. Legitimate interests in the processing pursued by us or a third party

If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

18. Amendment of the privacy policy

We may occasionally need to revise and amend this privacy policy. The latest version is always available at https://recross.io/en/privacy/. In case of significant changes, you will be informed immediately via the recross app or on our website.

If you still have questions, you can always send them to us at datenschutz@recross.io.

Effective date: May 01, 2023

Notice:

This data protection declaration was created by the data protection declaration generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the External Data Protection Officer Munich, in cooperation with the lawyer for data protection law Christian Solmecke.