Privacy Policy

1. General Information and Responsible Party

The protection of your personal data is a central concern for us. This privacy policy transparently informs you about which data we collect in the context of using our website and app, for what purpose we process it, and which rights you have as the data subject.

Controller within the meaning of the GDPR is: JetztAngeln UG (haftungsbeschränkt) Birnbaumweg 9, 37176 Nörten-Hardenberg Email: [email protected]

For data protection inquiries and exercising your data subject rights, please contact us at: [email protected]

2. Data Security and Access Control

All data transmissions between your end device and our servers are exclusively encrypted via HTTPS using current TLS protocols. Administrative access to our servers and all processed data is exclusively possible via our own secured VPN network based on WireGuard. Access from outside this network is technically impossible. These measures serve to implement a risk-appropriate level of protection pursuant to Art. 32 GDPR.

3. Hosting, Infrastructure and DNS

Our website and all backend systems are operated on our own servers within Germany. The technical infrastructure is based on container technology (Docker) and includes the components PostgreSQL, MariaDB, Redis, Minio, and Traefik. Transmission of personal data to third parties occurs exclusively on legal grounds.

External Resources

Our website uses a Markdown editor that automatically loads several JavaScript libraries and CSS files from the CDN service unpkg.com upon page access. These include the libraries highlight.js, KaTeX, Mermaid, ECharts, Cropper.js, Prettier, and Screenfull. With each of these loading processes, the user's IP address is transmitted to unpkg.com servers. unpkg.com is operated by Cloudflare, Inc., so the same guarantees apply for these transmissions as for our other Cloudflare usage (Standard Contractual Clauses of the EU Commission pursuant to Art. 46 GDPR). We have no influence on this behavior, as it is technically conditioned by the editor used. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in operating the website).

4. Data Collection on the Website

Cookies and Local Storage

For the technically flawless operation of the website, we use essential cookies that may be set without consent as they are absolutely necessary for basic functionality. In addition, we use non-essential cookies exclusively after your explicit consent, which you can give via our consent banner. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Contact Form

Inquiries via our contact form are processed via the self-hosted Chatwoot solution. No forwarding of your inquiry data to external third-party providers takes place. Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR for handling your concern.

Microsoft Clarity

If you have consented via our consent banner, we use Microsoft Clarity, a web analytics service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA). Clarity records interactions on our website (e.g. clicks, scroll behavior, mouse movements) and creates aggregated heatmaps and session recordings to improve our website. IP address, device and browser information, and pseudonymized usage data may be transmitted to Microsoft. Without your consent, the Clarity script is not loaded. Processing is carried out on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time by deleting stored cookies in your browser. For transfers to the USA, Microsoft relies on the EU Commission's Standard Contractual Clauses pursuant to Art. 46 GDPR. Further information is available in Microsoft's privacy statement: https://privacy.microsoft.com/privacystatement

5. Data Collection and Functions in the App

In the context of using our app, we process personal data to the following extent:

Account Data

When registering and using your account, we collect your name, email address, and telephone number. Furthermore, we store relevant timestamps (account creation, last change, last login), your profile picture, and your club role.

Community and Contributions

Content that you publish within the app - including posts, comments, replies, and likes - are stored and processed. If you report a violation of our terms of service, this process is also documented.

Club Data

For managing club profiles, we process information such as name, address, telephone number, contact person, website, and description of the club as well as uploaded club documents, statutes, and regulations. To the extent that clubs act as providers within the meaning of PStTG/DAC7, we also process tax identification and register data of the club, in particular tax number, issuing country, VAT ID (if available), club/register number, register court, legal form, and, where applicable, a financial account identifier if it is available to us through payment service providers such as Mollie.

Catch Reports and Fishing Days

Catch reports include time, location, and optionally a photo of the catch. For fishing day reports, a timestamp is stored. Location data (GPS) is collected exclusively for the map function to display your current location in the water map - not in connection with catch reports or fishing day reports.

Water Information

Water information including associated images are maintained both by JetztAngeln UG and by the clubs themselves. To the extent that clubs edit this content, they act as data controllers responsible for the content they post; JetztAngeln UG only provides the technical platform in this regard.

Legitimation

For verification of your fishing entitlement, you can upload your fishing license. This data is stored exclusively on servers in Germany.

Club Membership via QR Code

Clubs can provide a QR code via which users can submit a membership application. In the course of this process, the name, profile picture, email address, and time of last activity of the joining user are displayed to the club administrator for review so that they can accept or reject the application. The processing of this data is carried out on the basis of Art. 6 para. 1 lit. b GDPR within the framework of preparing a contractual relationship between the user and the club.

6. Visibility and Roles

Club administrators have access within their administrative function to the following data of their members at any time: name, email address, profile picture, club role, time of last activity, and catch reports. Furthermore, administrators can change a member's club role. In the QR code-based membership procedure, administrators see the name, profile picture, email address, and time of last activity of a prospective member to decide on admission to the club. The fisheries authority can temporarily access relevant member data via a QR code-based inspection process. This access is limited in time to the end of the respective fishing day, but no more than 30 minutes. In this relationship, the respective fishing club acts as the data controller responsible under data protection law; JetztAngeln UG acts as the technical processor pursuant to Art. 28 GDPR.

7. App Permissions

The app requires the following device accesses depending on the functions used: access to camera and photo library for uploading profile pictures, contributions, and fishing license as well as for QR code-based control by the fisheries authority, access to location data (GPS) exclusively for displaying your position in the water map, and permission to receive push notifications for club information and status messages. All permissions are activated only after your explicit consent. For crash report collection, technical device information such as device model and operating system version are also collected and transmitted to Firebase Crashlytics. Security-critical data - such as authentication tokens - are encrypted in secure device storage and do not leave the device.

8. Registration via Third Parties

You have the option to register via Google Sign-In or Apple Sign-In. In this case, name and email address are transmitted to us by the respective provider. Passwords remain exclusively with the selected provider and are not stored or processed by us at any time.

9. Third-Party Providers, SDKs and Data Processing

For specific functions of our app and website, we use specialized third-party providers. These include: Adyen for secure payment processing, Firebase Crashlytics (Google Ireland Limited) for collecting crash reports and improving app stability, whereby technical device information such as device model and operating system version are also transmitted, MapLibre for displaying interactive water maps, CARTO (Tiles CDN) for map rendering, Esri ArcGIS World Imagery for optional satellite maps, OpenStreetMap Nominatim for address geocoding, and Cloudflare for DNS resolution, DDoS protection, and other security functions. When using these services, IP addresses and technical metadata may be transmitted to the respective providers. To the extent that third parties process personal data on our behalf, they are classified as processors pursuant to Art. 28 GDPR. The necessary processor agreements are in each case part of the general terms of use or the provided Data Processing Agreements of the providers used, which we have accepted in the context of using these services. For data transfers to third countries - in particular to the USA - we base the transfer on the Standard Contractual Clauses approved by the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR.

10. Privacy Notes for Minors

Our app is generally aimed at all age groups, as fishing is an accessible and widespread leisure activity for minors. No separate age verification currently takes place technically. For users under 16 years of age, we strongly recommend registering and using the app together with a parent or guardian. Parents have the right to request information about stored data on behalf of minor children as well as their correction or deletion. Please direct corresponding requests to [email protected].

11. Email Communication

For operating our services, we send system emails, such as for confirming your registration, account information, and security-relevant notices. The sending of newsletters takes place exclusively on the basis of your explicit and separate consent pursuant to Art. 6 para. 1 lit. a GDPR.

12. Data Storage and Deletion

Personal data is deleted as soon as the purpose of its processing ceases or your account is terminated at your request. For data with tax, commercial law, or reporting relevance - in particular invoice, payment, tax, register, and PStTG/DAC7 reporting data - the statutory retention periods of up to ten years apply pursuant to § 147 AO and § 257 HGB as well as applicable tax documentation obligations. This data is deleted without delay after expiry of the period. Club and catch data may be stored beyond account deletion to the extent necessary for legitimate club purposes. When a member leaves a club, their catch reports are anonymized - meaning the assignment to the person is irrevocably removed so that no personal reference can be established anymore. For technical purposes of system stability and error diagnosis, server and application logs are stored. These logs may contain personal data such as IP addresses or internal user identifiers. Application logs at container level are limited to a maximum of 7 days and a file size of 10 MB per file with a maximum of 3 files per service. System and server logs are automatically deleted after at most 7 days. Data backups (backups) are kept for a period of 7 days and then irrevocably deleted. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR (legitimate interest in system security and error diagnosis).

13. Your Rights as Data Subject

Pursuant to GDPR, you have the following rights: the right to information about the data stored about you (Art. 15 GDPR), the right to rectification of incorrect data (Art. 16 GDPR), the right to deletion or restriction of processing (Art. 17, 18 GDPR), the right to data portability (Art. 20 GDPR), the right to withdraw consents given with effect for the future, and the right to complain to the competent data protection supervisory authority. The competent supervisory authority is: State Commissioner for Data Protection Lower Saxony (LfD Lower Saxony) Prinzenstraße 5, 30159 Hanover www.lfd.niedersachsen.de For exercising your rights, please contact: [email protected]

14. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy if legal requirements change, new functions are introduced, or we use new third-party providers. The date at the beginning of the document indicates the status of the current version in each case. In the event of significant changes - in particular if new data processing operations are added, new third parties receive data, or the purposes of processing change - we will inform you in advance by email or via an in-app notification. The notification is given with reasonable advance notice so that you have the opportunity to review the changes and delete your account if necessary. For editorial adjustments without substantive effects - such as refinements of wording or updates of contact data - no separate notification takes place. We recommend reading this privacy policy regularly to always be informed of the current status.

15. Legal Basis for Processing

The processing of your personal data takes place on the following legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (fulfillment of a contract or pre-contractual measures), Art. 6 para. 1 lit. c GDPR (compliance with legal obligations, in particular tax retention and PStTG/DAC7 reporting obligations), and Art. 6 para. 1 lit. f GDPR (legitimate interests of the controller or a third party). Where PStTG/DAC7 reporting obligations apply, the required provider, tax, register, remuneration, and financial account data may be transmitted to the German Federal Central Tax Office or competent tax authorities.