Privacy notice

1. Information on the collection of personal data

(1.1) This privacy notice provides information on the collection of personal data when you visit our website. Personal data comprises all information that can be used to personally identify you, e.g. name, address, email addresses, user behaviour.

(1.2) The data controller for this website pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) are Natascha Fadeeva (Granitweg 9, 04683 Naunhof, Germany) and Sascha Klatt (Mittweidaer Str. 102, 09648 Mittweida, Germany). You can contact us via email at hello@appocados.com.

(1.3) Wenn Du per E-Mail Kontakt mit uns aufnimmst, speichern wir die von Dir mitgeteilten Daten (Deine E-Mail-Adresse, Dein Name oder Deine Telefonnummer), gemäß Art. 6 (1) lit. f DSGVO, um Deine Anfrage zu beantworten. Die zu diesem Zweck erhobenen Daten werden gelöscht, sobald die Speicherung nicht mehr erforderlich ist. Wenn gesetzliche Aufbewahrungspflichten bestehen, schränken wir die Verarbeitung ein.

(1.4) Wenn wir für die Bereitstellung einzelner Funktionen unserer Website Dienstleistungen Dritter in Anspruch nehmen oder Deine Daten zu Werbezwecken nutzen möchten, werden wir Dich vorher informieren und Deine Einwilligung einholen. Für diesen Fall möchten wir Dich darauf hinweisen, dass Du in diesem Fall unsere Dienste wie gewohnt nutzen kannst, auch wenn Du der Nutzung Ihrer Daten für andere Zwecke nicht zustimmst. Wir verarbeiten Deine Daten nur zu dem Zweck und zu den Kriterien, zu denen sie erhoben wurden, insbesondere Zweck und Dauer der Speicherung. Wir geben Dir gerne jederzeit Auskunft über Deine diesbezüglichen Rechte.

2. Your rights

(2.1) You are entitled to the following rights regarding your personal data stored by us:

• Right to information
• Right to rectification or erasure
• Right to restrict data processing
• Right to object to processing
• Right to data portability

(2.2) You also reserve the right to lodge a complaint with a data protection supervisory authority in relation to processing of your personal data carried out by us.

3. Collection of personal data when you visit our website

(3.1) In the case of purely informational uses of our website, i.e. when you do not register or disclose information to us using any other method, we shall only collect the personal data that is transmitted to our server by your browser. If you would like to view our website, we shall collect the following data, which is technically required to display our website and ensure the stability and integrity of our website as per Art. 6 (1) lit. f GDPR:

• IP address
• Date and time of the visit
• Time difference to Greenwich Mean Time (GMT)
• Content of the request (specific pages)
• Access status/HTTP status code
• Data volume transmitted per visit
• Website from which the request originated
• Browser
• Operating system and the corresponding user interface
• Language and version of the browser software

(3.2) Use of cookies

Cookies are small text files that are allocated to your browser and saved on your hard drive, which enables the website that sets the cookie to receive certain information. Cookies are not able to execute programs or transfer viruses to your computer. Their purpose is to make the website as user-friendly and effective as possible.

• a) The scope and functioning of cookies:

  • Transient cookies (see b)
  • Persistent cookies (see c)

• b) Transient cookies are automatically erased when you close your browser. They include session cookies. These cookies store a session ID, which is used to assign various requests made during an individual session to your browser. This enables the future recognition of your device when you return to the website. Session cookies are deleted when you log out or close your browser.

• c) Persistent cookies are automatically erased after a defined period, which varies from cookie to cookie. You can erase cookies in the security settings of your browser at any time.

• d) You can configure your browser settings to your desired settings and block third-party or all cookies, for example. We would like to note that objecting to cookies may prevent the proper functioning of certain features on this website.

(3.4) Email list data

(3.4.1) General email list data

When you subscribe to any of our email lists, we collect your email address for the primary purpose of keeping you informed about the subject matter of the respective email list.

In addition, we store the language in which you registered to facilitate effective communication. This enables us to send you emails in the correct language, further enhancing your experience and ensuring that our messages are easily understandable and relevant to you.

In order to enhance the security of our systems and comply with the requirements of the General Data Protection Regulation (GDPR), we also store registration dates, email verification dates, and verification tokens. These measures are implemented to safeguard the integrity of our systems and protect your personal data.

Please be assured that we strictly use all the collected data solely for the purposes mentioned on this page, and we delete it upon your request. Respecting your time and privacy is of utmost importance to us. Moreover, you have the freedom to unsubscribe from any email list at any time, granting you complete control over your subscriptions.

(3.4.2) Waitlist for app users

When you join our app user waitlist, we only collect the general email list data mentioned in "(3.4.1) General email list data".

We intend to provide you with regular updates, as well as share your feedback with anonymous feedback forms and surveys about our product development process, to ensure that the final product aligns with your needs as a potential customer.

(3.4.3) Waitlist for recipe creators

When you join our recipe creator waitlist, we collect the general email list data mentioned in "(3.4.1) General email list data".

Furthermore, we offer you the option to voluntarily provide your website URL and social media presences. Sharing this additional information helps us gain a better understanding of your audience, enabling us to develop the best possible product for you. It's important to note that you have the right to request the deletion or correction of this data at any time, ensuring that you maintain control over the information you share with us.

Our intention is to send you continuous updates throughout our product development process. Our main objective is to provide you with regular updates, as well as the opportunity to share your feedback with anonymous feedback forms and surveys. By doing so, we can ensure that the final product is tailored to meet your specific needs as a valued potential customer.

4. Data transfer to third countries

(4.1) Personal data is only transferred to countries outside the European Union (EU) if the conditions of Article 44 ff. GDPR are met. A third country is a country outside the European Union (EU) in which the GDPR is not directly applicable.

(4.2) The EU Commission has not issued an adequacy decision for the USA pursuant to Article 45 (1) GDPR. This is because, according to the European Court of Justice in its ruling of 16.07.2020 (Case C-311/18, “Schrems II”), there is no level of data protection in the USA that would be comparable to that in the EU. When transferring personal data to the US, there is a theoretical risk that US authorities could gain access to the personal data on the basis of the surveillance programs PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act) and on the basis of Executive Order 12333 or Presidential Police Directive 28. According to the European Court of Justice, EU citizens do not have effective legal protection against these accesses in the US or the EU.

(4.3) We only transfer your personal data to the USA or other third countries if either

• the recipient provides sufficient guarantees in accordance with Article 46 of the GDPR for the protection of personal data – for example, the conclusion of standard contractual clauses between us and the recipient (Article 46(2)(c) of the GDPR) or binding internal data protection rules approved by the competent data protection authorities (Article 46(2)(b) of the GDPR). In this way, the recipient assures that the data is adequately protected and thus guarantees a level of protection comparable to the GDPR.

• one of the exceptions listed in Article 49 of the GDPR applies – for example, your express consent (Article 49(1)(a) of the GDPR) or if the transfer is necessary for the performance of contractual obligations between you and us (Article 49(1)(b) of the GDPR).

5. Individual third-party services we use on our website

5.1 MongoDB Atlas

(5.1.1) We use the MongoDB Atlas cloud database service of MongoDB Inc, 1633 Broadway, 38th Floor, New York, NY 10019, USA (hereinafter “MongoDB”) to store our user's email list data.

(5.1.2) The utilization of MongoDB is essential for storing email list registration data, enabling a seamless process for email list registration and verification. This encompasses all input fields within our email list registration forms, including the email address, website url, social media platforms, and language settings of the user. (see also section 3.4 on email list data).

(5.1.3) The GDPR requires us as data controllers to use only data processors (such as MongoDB) that provide sufficient guarantees to meet the requirements of GDPR Article 28. MongoDB's terms of service applicable to MongoDB Atlas and other MongoDB Cloud Services reflect the Article 28 requirements.

(5.1.4) As a MongoDB customer, we are covered by the MongoDB Data Processing Agreement "DPA", that incorporates the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to third countries).

(5.1.5) For more information on MongoDB's privacy policy, please see MongoDB's privacy policy.

5.2 SendGrid

(5.2.1) We use the SendGrid service of Twilio SendGrid Inc, 1801 California St #500 Denver, CO 80202, USA (hereinafter “SendGrid”) to send emails to our customers. SendGrid is used to send confirmation emails, transaction confirmations and emails with important information regarding existing requests. The dispatch via a specialised service provider is necessary to ensure the delivery of the emails to your email account and to reduce the probability of these emails being classified as “spam” by your email provider. This constitutes a legitimate interest within the meaning of Article 6 Para. 1 lit. f) GDPR. In addition, the use of SendGrid is necessary for the fulfilment of the contract with you (Article 6 para. 1 lit. b) GDPR).

(5.2.2) The data provided with the respective request, including your email address and language settings, are processed to ensure that we can send you emails in your preferred language.

(5.2.3) As a SendGrid customer, we are covered by the Twilio Data Protection Addendum, that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to third countries).

(5.2.4) For more information, please see SendGrid Inc.'s privacy policy.

5.3 Matomo

(5.3.1) We use Matomo, an open-source software for the statistical evaluation of visitor access. With Matomo we store the following data:

• Anonymized IP-address (2 bytes are masked)
• Content of the access (concrete site)
• Website from which an accessing system reaches our website (Referrer)
• Visited subpages
• Length of stay
• Visitation frequency

(5.3.2) Matomo runs exclusively on servers of in Germany hosted by Uberspace. Your personal data will only be stored there and won't be transferred to third parties.

(5.3.3) We configured Matomo to automatically masks 2 bytes of your IP address. Therefore, it cannot give any conclusions about your person.

(5.3.4) We process the data to analyze the behavior of our website visitors. Through the evaluation, we are able to improve our website and its user-friendliness steadily. The data will be deleted as soon as there is no longer any need for our recording purposes. The data will be automatically deleted twelve months after collection. The legal basis for the processing of your data is Art. 6, par. 1, clause 1, (f) GDPR.

(5.3.5) When you opt out from Matomo tracking in (5.3.6), we store a persistent deactivation cookie called "mtm_consent_removed" to remember your decision for future visits and ensure that you are not tracked.

(5.3.6) Opt-in and opt-out of Matomo tracking:

5.4 Sentry

(5.4.1) We use the service Sentry (Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA), an open-source software to track errors that occur on our website.

(5.4.2) The collected data is used to ensure the functionality and security of our website. Sentry serves these purposes alone and does not evaluate data for advertising purposes. This constitutes a legitimate interest within the meaning of Article 6 Para. 1 lit. f) GDPR.

(5.4.3) With Sentry, we store the following data:

• Error time
• Device and operating system type/version
• Browser type/version
• URL where the error occured
• Technical details about error itself (e.g. stack trace)

(5.4.4) The data is securely stored in an anonymized format and automatically deleted by Sentry after a period of 90 days. This ensures that it cannot be linked to your personal identity.

(5.4.5) The data is stored by Sentry's cloud servers in the USA. As a Sentry customer, we are covered by the Sentry Data Processing Agreement, that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 4 on data transfer to third countries).

(5.4.6) For more information, please see Sentry's privacy policy.

Last update: 7/7/2023