Privacy

Privacy Policy Website

Your privacy and your right to control your personal data are particularly important to us, Fabit GmbH (“Fabit“). Data protection is carried out under the relevant legal regulations.

The following privacy policy applies to the use of the website. For information on how your data is handled within the Fabit app, please refer to the app privacy statement below or directly in the app.

In the following, we inform you about the processing of your personal data at Fabit and the rights to which you are entitled under data protection law. Personal data is any information relating to an identified or identifiable natural person. As a generic term, processing includes any form of handling of data.

You can contact us at any time about privacy and data protection issues by emailing us at privacy@fabit.app.

For better readability, the masculine form has been chosen.

Responsible entity

Responsible for data processing in the sense of data protection law is:

Fabit GmbH
Hauptstrasse 153
10827 Berlin

E-Mail: info@fabit.app
Telefon: +49 156 7842 0146

Managing Directors: Robert Heim, Susanne Krehl, Dr. Ralf-Michael Schmidt

1. General Information on Data Processing

1.1 Scope of the Processing of Personal Data

As a matter of principle, we collect and use the personal data of our users only to the extent that this is necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users are regularly carried out only after their consent. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

1.2 Legal Basis for the Processing of Personal Data

Personal data is any information relating to an identified or identifiable natural person.

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 para. 1 sentence 1 lit. a) of the General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. This includes, for example, any consent you may have given to receive newsletters.

For the processing of personal data to fulfill a contract, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject (e.g. legal retention obligations), Art. 6 para. 1 sentence 1 lit. c) GDPR serves as the legal basis.

If vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 para. 1 sentence 1 lit. d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third-party and the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Article 6 para. 1 sentence 1 lit. f) GDPR serves as the legal basis for the processing. Thus, we also process data in your and our interest to ensure the integrity, confidentiality, and availability of the data processing systems, i.e. in particular the security and availability of your data at Fabit.

1.3 Data Deletion and Duration of Storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which our company is subject (e.g. statutory retention periods). Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

2. Provision of the Website and Creation of Log Files

2.1 Description and Scope of Data Processing

Our website is hosted on the servers of WPspace. WPspace’s analytics system collects statistical data about visits to our website. Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

• information about the browser type and version used
• the operating system of the user
• internet service provider of the user
• the IP address of the user
• date and time of access
• websites from which the user’s system accesses our website
• websites that are called up by the user’s system via our website
• name and URL of the retrieved web page or file
• language preference

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2.2 Legal Basis for Data Processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 sentence 1 lit. f) GDPR.

2.3 Purpose of Data Processing

The processing of the above data takes place to enable the use of the website in technical terms.

WPspace uses the log data for statistical evaluations for the purpose of operation, security and optimization of the offer and these are also available to us as the operator of this website.

2.4 Third-party Information

WPspace, Broll IT & Media GmbH, Am Metternicher Bahnhof 10, 56072 Koblenz, Germany, takes physical, electronic and procedural security measures to protect the personal data of its users and website visitors. Terms of Use: https://wp-space.de/en/allgemeine-geschaeftsbedingungen/, and Privacy Policy: https://wp-space.de/en/datenschutzerklaerung/.

2.5 Duration of Storage, Possibility of Objection, and Elimination

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the late.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, you cannot object.

3. Recipient of Data

You have the option of transferring all or part of your data stored in your Fabit account to our Fabit partners for certain purposes. Fabit will only transfer your data at your request and with your explicit consent. Once your data has been transferred to a Fabit partner, the partner will be responsible for processing your data. The Fabit partner is then the responsible party within the meaning of Art. 4 no. 7 GDPR.

To be able to offer you all the functions at Fabit, we also use selected service providers who process data on our behalf. We only pass on data to service providers carefully selected by us and commissioned in writing within the framework of legally permissible order processing. These only receive the data that is necessary for the fulfillment of the order and process it exclusively on our instructions. This includes the following categories of order processors: Hosters of servers, newsletter and email senders, web analytics services.

4. Use of Cookies

4.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on your computer system. When you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that makes it possible to uniquely identify the browser when you return to the website.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

4.2 Legal Basis for Data Processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 sentence 1 lit. a) GDPR if you have given your consent in this regard.

4.3 Purpose of the Data Processing

We distinguish cookies of the functional groups described below:

4.3.1 Essential Cookies

Essential cookies are required for the basic functionality of the website. They contain only technically necessary services. These services cannot be objected to.

The following data is stored and transmitted in the cookies: Page settings and other status information.
The purpose of the use of technically necessary cookies is to simplify the use of websites for you. We therefore also use cookies to be able to identify you for subsequent visits. Also, some functions of our website cannot be offered without the use of cookies. For these, the browser must be recognized even after a page change.

The user data collected through technically necessary cookies are not used to create user profiles.

4.3.2 Functional Cookies

Functional services are necessary to provide features beyond the essential functionality, such as prettier fonts, video playback, or interactive Web 2.0 features. Content from video platforms and social media platforms, for example, is blocked by default and can be consented to. When the service is consented to, this content is automatically loaded without further manual consent.

4.3.3 Cookies for Performance and Statistics

These cookies are needed to collect pseudonymous data about visitors to the website. The data allows us to better understand you and optimize the website. This allows us to understand how our website is used and where errors have occurred. We can then use this information to make the website more user-friendly, for example, or to better tailor information and services to you. In this way, the following data can be transmitted: Frequency of page views and use of website functions.

4.4 Duration of Storage, Possibility of Objection, and Elimination

Cookies are stored on your computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

4.5 Cookie Management

4.5.1 Cookie Consent Tool (Real Cookie Banner)

To enable you to control the use of cookies, a cookie consent tool is implemented on the website (hereinafter: Real Cookie Banner). Real Cookie Banner is operated by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany and shows you a cookie list structured by function groups, explains the purpose of the cookie function groups and the individual cookies as well as their storage period.

For the use of Real Cookie Banner, the storage of a cookie is technically necessary.

4.5.2 Settings via Real Cookie Banner

When you visit the website for the first time, Real Cookie Banner is displayed as a pop-up window. Here you can accept or reject the cookies. Under “Set privacy settings individually” you can enable or disable the cookies by function group in the pop-up window by clicking on the corresponding box. Please note that the technical cookies are already stored when you access the website and the relevant box is preset.

If technical cookies are deselected, the use of the website or individual functions on the website may be restricted or impossible.

Your Cookie Settings If you want to check or change your cookie settings, either click on “Cookie Einstellungen” in the footer (at the bottom of the website) or make the appropriate settings in Real Cookie Banner: Change cookie settings History of cookie settings Revoke consent

4.5.3 Revocation/Opt-out Options

4.5.3.1 Setting via Real Cookie Banner

If you have consented to the setting of cookies during your visit to this website, you can revoke your consent by calling up Real Cookie Banner (see above “Your Cookie Settings”) and deselecting the relevant cookie function group.

4.5.3.2 Directly with the Respective Cookie Provider

In addition to the revocation option via Real Cookie Banner, you can deactivate cookies directly with the cookie provider or prevent the processing of data through browser plugins. If a cookie provider offers such options, we have included a corresponding link in the respective notices.

4.5.3.3 Browser Settings/Plug-ins

An additional way to control the use of cookies is through appropriate settings in browsers with corresponding setting options.

4.6 Description of the Cookies Used

4.6.1 Google Analytics

4.6.1.1 Description and Scope of Data Processing

This website uses Google Analytics, a web analytics service provided by Google, Inc. (hereinafter: Google). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the case of activation of IP anonymization on this website (see below), however, your IP address will be truncated beforehand by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and then shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Google Analytics is used on this website with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form and personal references can thus be ruled out. As far as the data collected about you have a personal reference, this is excluded immediately and the personal data is thus deleted immediately.

4.6.1.2 Legal Basis for Data Processing

The legal basis for the processing of personal data is the consent given by you via Real Cookie Banner (Art. 6 para. 1 sentence 1 lit. a) GDPR).

4.6.1.3 Purpose of Data Processing

​We use Google Analytics to analyze and regularly improve our website. The statistics obtained allow us to improve our offer and make it more interesting for you.

4.6.1.4 Third-party Information

​Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Privacy Policy: https://policies.google.com/privacy, and Terms of Use: https://marketingplatform.google.com/about/analytics/terms/us.

4.6.1.5 Duration of Storage, Possibility of Objection, and Removal 

The data is deleted as soon as it is no longer required for our recording purposes. Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

4.6.2 Google Tag Manager

This website uses the Google Tag Manager. Through this service, website tags can be managed via an interface. The Google Tag Manager itself does not set cookies; it only tags and does not collect any personal data. The service triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with the Google Tag Manager.

4.6.3 YouTube Videos

On the YouTube platform (https://www.youtube.com/) we have uploaded and stored videos that are integrated into our online offer and can be played directly from our website.

We want you to retain control over your data, that is why we use the data protection-friendly so-called two-click solution for the integration. This means that by default, all videos are initially deactivated and are only activated and loaded from the platform after you click on the “Play” button. After activating the link, your personal data about the use is automatically processed by the platform, as if you were visiting the platform directly. We have no influence on this processing and the platform is solely responsible for it.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the personal data listed under 2.1 are transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether such a user account does not exist. If you are logged in to Google, your data will be directly assigned to your Google user account. If you want to prevent this association with your profile on YouTube, you must log out before activating the button on YouTube. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about their activities on our website. To exercise your right to object to the creation of these user profiles, you must contact YouTube directly.

YouTube is used in the interest of an appealing presentation of our online offer. This represents a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 sentence 1 lit. a) GDPR; the consent can be revoked at any time. 

For more information about the purpose and scope of data collection and processing by YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), please refer to Google’s privacy policy. There you will also find more information about your rights and settings options to protect your privacy: https://policies.google.com/privacy.

4.6.4 Polylang

We use Polylang for the multilingualism of our website. Polylang is a service provided by WP SYNTEX, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France. Cookies from Polylang are set to recognize and record the language you use or choose. These cookies are stored for one year and then deleted. For more information about Polylang, please see the Privacy Policy: https://polylang.pro/privacy-policy/ and the Terms of Use: https://polylang.pro/terms/. The legal basis for the use of Polylang is Art. 6 para. 1 p. 1 lit. f) GDPR.

4.6.5 Social Network

We currently integrate features from the following social networks: Facebook, Instagram, LinkedIn, TikTok, Twitter, and YouTube.

The legal basis for the processing of this data is your consent according to Art. 6 para. 1 sentence 1 lit. a) GDPR and your consent under Art. 49 para. 1 sentence 1 lit. a) GDPR.

In doing so, you also consent to the processing of your data for transfer to third countries. In this context, there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed.

5. Newsletter

5.1 Description and Scope of Data Processing

On our website, you can subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. This includes your email address, your first name or nickname, your smartphone operating system, and the date and time of registration.

For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy.

No data will be passed on to third-parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

5.2 Legal Basis for Data Processing

The legal basis for the processing of data after your registration for the newsletter is, with your consent, Art. 6 para. 1 sentence 1 lit. a) GDPR.

5.3 Purpose of the Data Processing

The collection of your email address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the email address provided.

5.4 Duration of Storage, Possibility of Objection, and Removal

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Your email address will therefore be stored as long as the subscription to the newsletter is active. The other personal data collected during the registration process is usually deleted after seven days.

You can cancel your subscription to the newsletter at any time. For this purpose, you will find a corresponding link in each newsletter. This also allows you to revoke your consent to the storage of personal data collected during the registration process.

5.5 Third-party Information

Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Terms of use: https://www.sendinblue.com/legal/termsofuse/, and privacy policy: https://www.sendinblue.com/legal/privacypolicy/.

6. Contact via Email

6.1 Description and Scope of Data Processing

​On our website, it is possible to contact us via the email address provided. In this case, your personal data transmitted with the email will be stored.

6.2 Legal Basis for Data Processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the email contact aims after a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

6.3 Purpose of the Data Processing

The processing of personal data based on the contact by email serves us solely for the processing of this request; this is also the necessary legitimate interest in the processing of the data.

6.4 Duration of Storage, Possibility of Objection, and Removal

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent by email, this is the case when the respective conversation with you has ended. This is the case when it is clear from the circumstances that the matter in question has been conclusively clarified.

You have the option to revoke your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

7. Surveys

We use the Google Forms application from Google to conduct online surveys.

Participation in surveys is voluntary. The type of personal data collected by us in this context and, if applicable, a purpose for processing your personal data that goes beyond participation in the survey is specified in the respective form used for a survey or in the wording of the declaration of consent attached to it

The legal basis for the processing of personal data provided by you is Art. 6 para. 1 sentence 1 lit. a) GDPR.

Since our surveys are conducted on websites operated by Google, further personal data may be processed there by this provider itself through the use of cookies (e.g. the IP address). Fabit has no influence on the processing of such personal data by Google. We, therefore, refer you to Google’s privacy policy, which can be accessed at the following link: https://policies.google.com/privacy. For more information on Google Forms, please visit https://workspace.google.com/products/forms/.

8. Data Subject Rights

Following Art. 15 GDPR, you have the right to receive information about the personal data stored about you, including any recipients and the planned storage period. If incorrect personal data is processed, you have the right to rectification under Art. 16 GDPR. If the legal requirements are met, you can request the deletion or restriction, if we are not yet allowed to delete your data due to legal obligations, of the processing as well as to object to the processing (Art. 17, 18, and 21 GDPR). In addition, you have the right to data portability according to Art. 20 GDPR, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).

You can revoke any declarations of consent granted by you under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

If you believe that the processing of your personal data violates data protection law, you have the right to complain to the supervisory authority responsible for us by Art. 77 para. 1 GDPR. To do so, contact, for example, the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller. In Berlin, the competent supervisory authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Alt-Moabit 59-61, 10555 Berlin, Eingang: Alt-Moabit 60. A list of the supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html.

9. Modification of this Privacy Policy

We will update our privacy policy from time to time to protect your personal information. Therefore, please review our Privacy Policy from time to time to stay informed about how we are protecting your information and continually improving the content of our website. If we make any material changes to the collection, use, and/or disclosure of the personal information you provide to us, we will notify you by posting a prominent notice on the website. For each further visit to our website, the current version of the data protection declaration shall apply.

 

 

Privacy Policy App

In addition to our website privacy policy, you will find below all information about the processing of your personal data by the Fabit app (“Fabit app” or “app“) of Fabit GmbH (“Fabit“). Data protection is carried out under the relevant legal regulations.

You may contact us at any time via email at privacy@fabit.app regarding privacy and data protection issues.

Responsible entity

Responsible for data processing in the sense of data protection law is:

Fabit GmbH
Hauptstrasse 153
10827 Berlin

E-Mail: info@fabit.app
Telephone : +49 156 7842 0146

Managing Directors: Robert Heim, Susanne Krehl, Dr. Ralf-Michael Schmidt

1. General Information on Data Processing

1.1 Scope of the Processing of Personal Data

We have designed and developed our app according to the principles of Privacy by Design so that only such data is collected in data processing operations that are necessary for the corresponding processing purpose. We therefore only collect and process personal data that is necessary to provide a functional app and our content and services. In principle, the collection and use of personal data only take place after your consent. An exception applies in cases where obtaining prior consent is impossible for factual reasons and the processing of the data is permitted by law.

1.2 Legal Basis for the Processing of Personal Data

Personal data is any information relating to an identified or identifiable natural person.

Art. 6 para. 1 sentence 1 lit. a) of the General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data, insofar as your consent is obtained for these processing operations.

Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis if personal data is processed to fulfill a contract or for carrying out pre-contractual measures.

For the processing of personal data for the fulfillment of a legal obligation to which Fabit is subject, Art. 6 para. 1 sentence 1 lit. c) GDPR is the legal basis.

Insofar as vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 sentence 1 lit. d) GDPR serves as the legal basis.
Art. 6 para. 1 sentence 1 lit. f) GDPR serves as the legal basis for processing insofar as the processing is necessary to protect a legitimate interest of Fabit or a third-party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest. Thus, we also process data in our mutual interest to ensure the integrity, confidentiality, and availability of the data processing systems, i.e. in particular the security and availability of your data at Fabit.

1.3 Data Deletion and Duration of Storage

As soon as the purpose for storing your personal data ceases to apply, it will be deleted or blocked. Storage may also take place in cases where this has been provided for by the national or European legislator in Union regulations, laws, or other provisions to which Fabit is subject (e.g. statutory retention periods). Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires – the only exceptions to this are cases in which the continued storage of data is necessary for the conclusion or fulfillment of a contract.

2. Download, Register, and the Use of the App

Personal data is any information relating to an identified or identifiable natural person. To create a Fabit account with us, you must provide the following data during registration: email address as well as a password, personal information (display name and choice of avatar). Without entering this mandatory information, you will unfortunately not be able to use Fabit.

The following data is also stored at the time of registration:

• language preference
• date and time of registration
• date and time of consent in terms and conditions of use
• date and time of confirmation that the privacy policy has been read
• time zone
• your personal buddy ID
• installation ID

In doing so, your consent to the processing of this data is obtained.

We collect the personal data that you provide when downloading our app as part of the registration and use of the app and, if applicable, data that we request from you to properly implement the app in the further process. Please refrain from submitting your data if you do not agree to process it. In this case, no further processing will take place.

Your registration is necessary for the fulfillment of a contract with you or the implementation of pre-contractual measures.

The following data is collected in the course of use:

• first and last name, other profile information (e.g. “about me”)
• payment and financial data, and other financial information, such as revenues, expenses, debts and corresponding categorizations
• photos and documents of incoming mail, invoices, and other correspondence
• ratings and comments on actions and challenges in the app to incentivize certain behaviors of the user that serve the financial stability of the user
• use and history of executed actions
• buddy network, posts, comments, and likes within the Fabit community
• personal savings tips
• search history
• product interaction

We collect your personal information to provide you with our app at your request. This allows you to manage your finances and receive individualized savings and financial tips. In addition, the data is collected to create a digital budget book with helpful analyzes about your finances. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

We also collect and process your personal data to protect our legitimate interests or the legitimate interests of third parties, insofar as the data processing is necessary for the protection of these legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). In addition, we have a legitimate interest to send you promotional information, unless you object to receiving such (promotional) information.

If you have given us your express consent, we will process your data by the purposes stated there (Art. 6 para. 1 sentence 1 lit. a) GDPR).

We process your data to collect and use information that you authorize us to receive through the device-based settings you enable (e.g., granted access to your camera, media, or photos) so that we can provide the services described when you enable the settings. This includes taking photos of documents related to correspondence, invoices, and other correspondence, or directly uploading existing digitized documents.

Your data will not be passed on to third-parties unless we have made this clear to you in advance. This may be the case, for example, when reading, evaluating, and analyzing your incoming mail, invoices, and other documents uploaded to us. If you commission us with the order, we will transmit the data required for this to the corresponding provider. Only the information that is required for the execution of the respective order will be transmitted. This includes the document(s) provided and name/ID.

3. Subscription Management & Payment Processing Premium Version

Within the Fabit app, you can purchase the paid premium version. In addition to the personal data required for registration (see section 2. of this privacy policy above), we collect the following data required to complete the purchase: 

• Purchase date, 
• Subscription information, such as start and end date of the subscription, and
• Subscription ID.

The legal basis for the processing is the contract in progress or concluded with you for the purchase of our paid premium version, Art. 6 para. 1 sentence 1 lit. b) GDPR. You are neither contractually nor legally obligated to provide the corresponding data. However, you may then not be able to conclude a contract with us for the use of our services or other offers.

We only transmit personal data to third parties if this is necessary in the context of contract processing, for example, to the credit institution commissioned with payment processing or to the third-party provider commissioned for subscription management (see below). A further transmission of the data does not take place or only if you have expressly consented to the transmission (Art. 6 para. 1 sentence 1 lit. a) GDPR). Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

Our subscription management is handled by our third-party provider RevenueCat Inc, 633 Taraval St, San Francisco, California 94116, USA (hereinafter: RevenueCat). This provider acts as a processor for us, whereby the processing of the subscription management by RevenueCat takes place under its own responsibility. For more information about RevenueCat’s subscription management, please visit https://revenuecat.com/why-revenuecat/ and read the Terms of Use: https://revenuecat.com/terms/, as well as the Privacy Policy: https://revenuecat.com/privacy/.

The payment itself is processed via the respective app store (Apple App Store and Google Play). As part of the processing via the app stores, Fabit receives and processes your email address for billing purposes. Fabit does not process any other personal data, including any payment information. The app store providers themselves are responsible for processing. For more information, please refer to the Terms of Use (https://apple.com/de/legal/internet-services/terms/site.html or https://play.google.com/intl/de_de/about/play-terms/index.html) and the Privacy Policy (https://apple.com/de/legal/privacy/ or https://policies.google.com/privacy) of the respective app stores.

4. Bank Account Connection/Account Information Service

If you decide to use the bank account connection, so-called account information service, the information presented in this section shall apply in addition to the other data protection information. The account connection is carried out by a payment service provider registered with the German Federal Financial Supervisory Authority (BaFin), with whom you conclude a separate contract. The terms and conditions of the respective payment service provider apply.

Within the scope of use, the following data on the connected bank, credit card and/or payment service account, e.g. Paypal, will be collected for a certain period of time::

• account holder
• account type, e.g. current account
• description, e.g. “main account”
• name of the connected financial institution
• the last four characters of the account ID (e.g. IBAN) to help you identify the account
• account balances
• transaction data, including purpose of account transactions
• category name assigned by the payment service provider
• timestamp of the transaction date
• IDs provided by the payment service provider
• timestamp when the account was saved in Fabit
• timestamp when your bank account was last synchronized
• timestamp, if applicable, when your consent to synchronization expires
• timestamp, if applicable, when you deregistered your account from future synchronization

For the use of the account information service, we process the account data according to your order. The account data is synchronized for you several times a day. Before the payment service provider collects information and data from your account, he obtains your consent. You will be specifically informed about the data to be processed and the processing purposes. For example, after your consent, he collects IBAN and your name to be able to assign the specified account details to you. Furthermore, he collects the data required for logging into your bank account (including any necessary second factor, e.g. TAN). However, this data is only forwarded to your bank and is only stored by the payment service provider and not by us.

You can deregister your account from the synchronization at any time. Separated accounts are excluded from the synchronization process between Fabit and the payment service provider and no new turnover data is stored for this account. Data that has already been synchronized remains stored at Fabit and accessible to you. You can delete a connected account, which will delete all stored account and associated turnover data from Fabit.

The legal basis for processing your data for the account information service is in case of your consent Art. 6 para. 1 sentence 1 lit. a) GDPR.

5. Push Notifications and Messages

For the best support on your journey to financial health, we send you useful and motivating information to your smartphone as push notifications and/or email. These push notifications and messages contain, for example, a reference to a buddy request or confirmation or tips, e.g. on spending management and action planning.

We use the service Google Firebase Cloud Messaging, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to notify the Fabit App that there is new information in the App. The push notifications are only used to notify that there is new information. The app then downloads the actual information itself directly from our servers and displays a notification locally if necessary. The information itself is not transmitted via Google Firebase Cloud Messaging. For more information about Google Firebase Cloud Messaging, please visit https://firebase.google.com/products/cloud-messaging/, and read the Terms of Use: https://firebase.google.com/terms/, and Privacy Policy: https://firebase.google.com/support/privacy.

Under “Settings” and then “Notifications” you can decide which push notifications and messages we shall send to your smartphone or as an email.

Product-related, transactional emails are sent via Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. For more information please read the Terms of Use: https://de.sendinblue.com/legal/termsofuse/, as well as the Privacy Policy: https://de.sendinblue.com/legal/privacypolicy/. Mandatory emails, such as those regarding registration, forgot password or account deletion, cannot be unsubscribed individually.

6. Third-Party Providers

In order to further improve the Fabit app for you and make it more usable, we use third-party providers. This also allows us to better understand how you use which features and can thus prioritize new features accordingly and continuously optimize existing ones for you. We perform pseudonymized and/or anonymized analyzes so that a reference to personal data is not possible at any time.

The following third-party providers are integrated:

6.1 Google Firebase Dynamic Links

Google Firebase Dynamic Links uses data to open the Fabit app on a specific page or in a specific context using deep linking. Google Firebase Dynamic Links stores device data only temporarily to provide the service.

Third-party provider information: Google Firebase Dynamic Links, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Terms of Use: https://firebase.google.com/terms/, and Privacy Policy: https://firebase.google.com/support/privacy.

6.2 Sentry

Using the analysis tool Sentry, we can analyze which errors occur in the Fabit app. When errors occur in the app, a report is sent to Sentry so that we can track and fix the errors.

Third-party provider information: Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Terms of use: https://sentry.io/terms/, and privacy policy: https://sentry.io/privacy/.

7. Duration of Storage, Possibility of Objection, and Elimination

If the data is required for the fulfillment of a contract or the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations (e.g. tax or commercial law retention obligations) do not prevent deletion.

If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. You have the right to object to processing your personal data for direct marketing purposes without giving reasons. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

You can also disable the device-based settings for camera, media, or photos at any time. Then you will not be able to send or upload any more photos and documents for incoming mail, invoices, and other correspondence.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

8. Obligation to Provide Personal Data

By downloading our app and using our services, you must provide the personal data that is required for the establishment, implementation, and termination of the contractual relationship and the fulfillment of the associated obligations, or which we are required to collect by law. Without this data, we cannot provide you with our services.

9. Data Subject Rights

As a data subject you have the following rights:

• right to obtain information about the data stored about you, including any recipients and the planned storage period (Art. 15 GDPR)
• right to rectification or completion of inaccurate or incomplete personal data being processed (Art. 16 GDPR)
• right to immediate deletion (“right to be forgotten”), provided that the legal requirements are met (Art. 17 GDPR)
• right to restriction of processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR)
• right to data portability, provided you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR)
• right to object to processing (Art. 21 GDPR)
• right not to be subject to a decision based solely on automated processing, including profiling, where that decision produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR)

Right of revocation for declarations of consent granted by you under data protection law. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation (Art. 7 para. 3 GDPR).

Right to complain to a supervisory authority if you believe that the processing of your personal data violates data protection law (Art. 77 para. 1 GDPR). To do so, contact, for example, the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller (Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Alt-Moabit 59-61, 10555 Berlin, Eingang: Alt-Moabit 60). A list of the supervisory authorities (for the non-public sector) with the respective contact details can be found at: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

10. Modification of this Privacy Policy

To protect your personal data, we will update our privacy policy regularly. Therefore, please stay informed and review our privacy policy from time to time. In the event of significant changes to the collection, use, and/or disclosure of the personal information you provide to us, we will notify you accordingly. For any further use of our app, the current version of the privacy policy applies.

Status: December 2022