You can find our data protection policy (in German language) here. We are working on providing an English version as soon as possible.
Our data protection policy is intended to explain the types of personal data collected by fromAtoB, for which purpose(s) your data is used, and also to explain your rights regarding the collection and processing of this data.
What is personal data?
Data is considered personal if it can be clearly assigned to a specific person or if this assignment is at least implicit, such as information on gender, height, hair color, etc. When booking tickets via fromAtoB, personal data including, but not limited to, name and e-mail address are used.
How does fromAtoB use my personal data?
We only process personal data within the scope of our service offering and only with your consent. Personal data is deleted as soon as it is no longer necessary to achieve the purpose for which it has been collected.
Does fromAtoB share personal data with third parties?
We will only pass on personal data to third parties if you have expressly consented to the transfer or if we are legally entitled or obliged to do so. We mainly pass on personal data to travel and transport providers to ensure successful bookings and invoices.
Is it safe to store my data at fromAtoB?
We take technical and organisational measures to ensure that the data entrusted to us is protected against loss, unauthorized modifications or unauthorised access by third parties. Our security measures are continuously reviewed and updated in line with the latest technological developments and industry standards
Which rights do I have?
- Right to be informed / right of access: You have the right to know why we collect your data, what kind of data we collect and who is the recipient of your data. We also provide you with information about how long and according to which criteria your data is stored, what rights you have with regard to your data and, if we use data from third parties, where the data originates from.
- Right to rectification: We change or supplement incomplete or incorrect data.
- Right to restrict processing: Under various circumstances, for example if you have disagreed with the processing of your data and no final decision has yet been made or while we are reviewing potentially incorrect data, you can request that the processing of your personal data be restricted.
- Right to erasure: In some cases, you have the right to have your data deleted by us - for example, if it is no longer needed for its original purpose, if you have revoked your consent to its use or if the processing of the data was unlawful. Exceptions to this right are made if more important rights (such as freedom of expression) would otherwise be violated.
- Right to data portability: You can request to receive a copy of your data produced in a structured and (mostly) machine-readable format in order to facilitate the transfer of said data to other providers.
- Right to object: You can object to the processing of your data in special cases. If your data would be processed for marketing purposes, you can object at any time and without giving a reason.
- Appeal to a supervisory authority: If you believe that the handling of your data is not lawful, you have the opportunity to file a complaint with a competent supervisory authority, after which you will be informed of the progress and results of the complaint within a reasonable period of time.
The security and protection of your data is an important concern for us, Pinion Digital GmbH, Gustav-Heinemann-Ufer 88, 50968 Cologne (hereinafter “fromAtoB” or “we/us”). That is why we operate our websites and our app for mobile devices in compliance with the applicable legal provisions for the protection of personal data and for data security, particularly the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).
At this point, we would like to inform you which data we collect, process and use when using our services, for what purposes and on what legal basis and to whom we provide this data, where applicable.
- Data Processing Generally
- Providing the Website and Creating Logfiles
- Google Analytics
- Google Retargeting
- Google AdSense
- Transfer of Data to Third Parties
- Data Security
- Your Rights
- Withdrawal of Consents
- Contact / Information
- Use of the fromAtoB app, collection of personal data when using the fromAtoB app
- About App Usage Data Collected by Google Analytics / Firebase
- Push Services
- Facebook / Google Login
This Privacy Statement applies to the websites which can be visited under the following domains (“Website”).
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection regulations is
Pinion Digital GmbH
District Court of Charlottenburg, HRB 208745B
2. Data Processing Generally
We only process your personal data, as a matter principle, where it is necessary to provide our service. We only process your personal data on a regular basis with your express consent. An exception exists in such cases where it is not possible to obtain prior consent for practical reasons or we are entitled or obligated to process the data due a statutory regulation.
4. Providing the Website and Creating Logfiles
4.1 When using the Website for informational purposes only (e.g. without registration) we only collect personal data that your browser transmits to our server. If you visit our Website, we collect the following data which is technically required for us to enable your visit to the Website and to ensure stability and security (the legal basis being Art. 6 para. 1 sentence 1 letter f GDPR):
- Websites which brought you to our Website
- Date and time of visit
- Name of Internet Access Provider
- Browser type/version and language
- The operating system used
- Access status/http status code
- Data volume transmitted
- Device (PC, tablet PC or smartphone)
- Our sites that you visited and the duration of your visits
- The last website you visited
4.2. We only evaluate this data for statistical purposes. A person-related evaluation is not conducted. The temporary storage of your IP address is necessary to enable delivery of the Website onto your device. The user’s IP address must therefore remain stored for the duration of the session. Data is saved in logfiles to ensure the functionality of the Website. We also use this data to optimise the Website and to ensure the security of our IT systems. The data is not evaluated for marketing purposes in this context. For the purposes described, our legitimate interest also lies in the processing of data pursuant to Art. 6 para. 1 letter f GDPR.
4.3. The data is deleted as soon as it is no longer required to achieve the purpose for which it is collected. In the event that data is collected to provide the Website, this is the case if the respective session has ended.
We use what are referred to as cookies to optimise the functionality and usability of the website. Cookies are small text files which are stored on your hard drive using your browser and through which the site that sets the cookie (us in this case) sends certain information. Cookies cannot run any programs or transmit viruses to your device.
You can set your browser so that you are informed about cookies being set and to allow cookies only on a case-by-case basis, to not accept cookies in certain cases or generally and to activate the automatic deletion of cookies when closing the browser. If you do not wish that we recognise your device, then please set your browser so that it deletes cookies from your device, blocks all cookies or warns you before storing a cookie. However, it may be the case that you cannot fully use all functions of the website.
We use the following types of cookies for our website (The legal basis for processing personal data by using cookies is Art. 6 para. 1 letter f GDPR):
5.1. Session cookies (e.g. for the security of account access) or functional cookies (e.g. to keep navigation elements open, for help display bubbles, A/B tests).
Session cookies are deleted automatically when you close your browser. They store what is referred to as a session ID, with which various queries from your browser can be assigned to the collective session. This means that your device can be recognised when you visit the Website again.
5.2. Language or Regional Setting Cookies
We use these to store the country, currency or language settings in which the website should be opened. Some of the website’s functions cannot be provided if these cookies are not used. For these functions, it is necessary for the browser to be recognised. The user data collected by technically necessary cookies will not be used to create user profiles. Our legitimate interest in processing personal data pursuant to Art. 6 para. 1 letter f GDPR also lies herein.
5.3. Analytics and marketing cookies which enable the analysis of your surfing behaviour on the Website. The following data can be transmitted in the process:
- Search terms entered, services searched for
- Frequency of page views
- Use functions
- Links clicked
Data collected in this manner is pseudonymised using technological measures such that an attribution can no longer be made to the user who is visiting. The data is not stored together with the user’s other personal data. The analytics and marketing cookies are used for the purpose of improving the quality of our website and its content and to show you or notify you of articles, offers, promotions or advertisements which could be of interest to you. Analytics and marketing cookies inform us how the Website is used, thus allowing us to continuously optimise our services. Our legitimate interest in processing personal data pursuant to Art. 6 para. 1 letter f GDPR also lies in the aforementioned purposes.
5.4. Use of HotJar
We use Hotjar service (Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) to collect and analyze user behavior on our website. Hotjar is a tracking and analysis service that helps us to better understand our users' use of our website (eg how much time you spend on which pages, which links you click, what you like and what you do not like, etc.). This information enables us to tailor our website to the needs and interests of our users.
For more information about data protection at Hotjar you can find on https://www.hotjar.com/legal/ policies / privacy.
Hotjar will only be used by us if you have given your consent. You can revoke your consent at any time and prevent the collection and storage of your data by Hotjar by clicking this opt-out link.
5.5. fromAtoB also places ads itself or works together with external partners to place and optimise its own and outside advertising. These external partners can set cookies e.g. when you visit the website. However, no personal data such as names, addresses, birth dates or complete IP addresses are collected, stored or transmitted in the process.
Below you will find external partners that fromAtoB uses with data protection information for each as well as the option to object to usage-based advertisements there, thus deactivating the collection of data with respect to this. You also have the option to delete cookies in your browser yourself at any time and thereby prevent advertisements based on these in the future.
|Provider||Data Protection Information|
|Kupona GmbH, Frankfurter Str. 8, 36043 Fulda, Germany||[https://www.kupona-media.de/datenschutzbestimmungen](https://www.kupona-media.de/datenschutzbestimmungen)|
|Criteo SA, 32 Rue Blanche, 75009 Paris, France||[https://www.criteo.com/de/datenschutzrichtlinie](https://www.criteo.com/de/datenschutzrichtlinie)|
|Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA||[https://www.google.de/intl/de/policies/privacy/, https://www.google.de/intl/de/policies/technologies/ads/](https://www.google.de/intl/de/policies/privacy/, https://www.google.de/intl/de/policies/technologies/ads/), [https://support.google.com/ads/answer/1634057](https://support.google.com/ads/answer/1634057)|
|Zanox AG, Stralauer Allee 2, 10245 Berlin, Germany||[https://www.zanox.com/](https://www.zanox.com/)|
|adjust GmbH, Saarbrücker Strasse 36, 10405 Berlin, Germany||https://www.adjust.com/terms/|
|affilinet GmbH, Joseph-Wild-Str. 20, 81829 München, Germany||https://www.affili.net/de/Datenschutz.aspx|
|Daisycon B.V., P.O. Box 10038, 1301 AA Almere, Netherlands||https://www.daisycon.com/de/datenschutzhinweis/|
|edelight GmbH, Wilhelmstrasse 4a, 70182 Stuttgart, Germany||https://www.tracdelight.com/|
|emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna, Austria||https://www.emarsys.com/de/privacy-policy/|
|Rocket Fuel Inc, c/o Privacy, 1900 Seaport Blvd, Pacific Shores Center, Redwood City, CA 94063 USA||https://rocketfuel.com/de/datenschutzrichtlinie/|
|Optimizely, Inc., 631 Howard Street, Suite 100, San Francisco, CA 94105, USA||https://www.optimizely.com/de/privacy/|
|Unbounce Marketing Solutions Inc., 400 – 401 West Georgia Street, Vancouver, BC V6B 5A1, Canada||https://unbounce.com/privacy/|
|HotJar, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, San Ġiljan, MT||https://www.hotjar.com/legal/policies/privacy|
5.6. Depending on the user settings, the session cookies are generally deleted automatically when the browser is closed. The remaining cookies are automatically deleted after a specified duration which can vary in length depending on the cookie. You can delete the cookies that we set at any time in the security settings for your browser.
6.1. There is an option on our website to subscribe to a free e-mail newsletter. The data from the input form for the newsletter registration is transmitted to us in the process. This is the e-mail address provided, no matter the case. The additional disclosure of a first and last name is voluntary.
6.2. We use what is referred to as the double opt-in process when registering for our e-mail newsletter, in which we send you a confirmation e-mail after your e-mail address has been entered in which we ask you to confirm that you wish to receive the e-mail newsletter. If you provide confirmation, we will store your e-mail address and the additional information that you enter, where applicable, until you unsubscribe from the e-mail newsletter. To prevent abuse, we store the IP address from which access is obtained as well as the time of access when the link sent in the conformation e-mail is clicked on.
6.3. The legal basis for processing the data after registering to receive the e-mail newsletter is Art. 6 para. 1 letter a GDPR. The purpose of collecting the user’s e-mail address is to deliver the newsletter.
6.4. You can revoke your consent at any time to the e-mail newsletter being sent with effect for the future by clicking the link provided in each e-mail newsletter, by e-mail to [email protected] or by communication using the contact information provided under clause 2.
7. WhatsApp messaging service
On our website, you have the opportunity to register for fromAtoB’s free WhatsApp messaging service, which will provide you with news and interesting information about our products and services. In order to register for and use our WhatsApp messaging service, WhatsApp must already be installed on your device.
To deliver the above-mentioned service, fromAtoB has commissioned the technical service provider MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich as processor.
Please follow the instructions on our website to register for the service on your device. As part of the registration process, you will be asked to give your consent to receive promotional WhatsApp messages. If consent has been given, we will process your personal data (especially telephone number, messenger ID, profile picture, chat history, messages and, if necessary, first name and surname) for purposes of direct advertising via WhatsApp messenger, to the extent that this is required to keep you updated on fromAtoB’s products and services.
You can revoke your consent by sending a WhatsApp message with the text ‘Delete all data’ to the number specified by fromAtoB. You can also revoke your consent by sending us a WhatsApp message with a corresponding content to this number. A revocation of consent does not affect the lawfulness of data processing activities performed before your revocation. In case of revocation, all of your personal data stored in connection with the WhatsApp messaging service will be deleted. Any data stored in backups will then be deleted within 60 days as part of general deletion routines.
If you wish to stop receiving messages temporarily, send a WhatsApp message with the text ‘Stop’ to the number specified by fromAtoB. To re-activate the WhatsApp messaging service, send a message with the text ‘Start’. In this case, your personal data will remain stored in our system. To completely delete your personal data, please revoke your consent as described above.
The responsible supplier of WhatsApp is WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Please note that WhatsApp Inc. collects personally identifiable information (including communication metadata), which is also being processed on servers located outside the EU (e.g. in the USA), where it may not be possible to maintain a level of privacy that is recognized as adequate by the European Commission. However, WhatsApp is certified under the Privacy Shield Agreement (www.privacyshield.gov) and thus provides a sufficient level of protection comparable to that in the EU. For more information about WhatsApp’s privacy practices, please click here. fromAtoB has no precise knowledge of or influence on the data processing carried out by WhatsApp, Inc.
8.1. Registration is not required in order to use the Website and services. However, we offer users the option to register on the Website to be able to use certain additional benefits and services. In particular, registered users can choose certain settings in their user profile, store data and use expanded search functions. The registration and the expanded use that registration enables as well as the profile are currently free of charge.
8.2. To register, you must provide certain personal information by entering it into the relevant submission form. This includes first and last name, a free choice of a username, a self-selected password and a valid e-mail address. Use of pseudonyms, multiple registrations and registrations using false names or multiple e-mail addresses is not permitted. So that certain third-party provider offers (e.g. special prices) can be displayed completely and correctly, you may be required to provide additional information, e.g. date of birth. Additional information is voluntary.
8.3. After registering successfully, you will receive a confirmation e-mail from us which will include a link to activate your profile. In order to use expanded functions after registration, you must activate your profile by clicking on the link included in the confirmation e-mail.
8.4. Facebook Login You can also register with fromAtoB using your Facebook account. Facebook is a social network of Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland). When you begin registration, we will point out the “Sign in with Facebook” button option to register using your Facebook profile information. This requires that you be already registered with Facebook or that you create a Facebook access. Please note that the Facebook terms of privacy and use apply to registration with and use of Facebook https://de-de.facebook.com/about/privacy/. To sign in, you will be forwarded to the Facebook website, where you can sign in with your user data. This will link your public Facebook profile to your fromAtoB-user account. By linking, we will receive the following information from Facebook: Facebook ID, profile picture, first and last name, age, gender, e-mail address, likes, tagged places. From this data, we only store and use your first and last name as well as your e-mail address.
9. Google Analytics
- Browser type/ version,
- Operating system used,
- Referrer URL (the website visited prior to ours),
- Hostname of the accessing computer (IP address),
- Time of server request,
10. Google Retargeting
11. Google AdSense
This Website uses Google AdSense. This is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for integrating advertisements. For this service, Google AdSense uses what are referred to as “cookies”, small text files that are stored on your computer and that enable an analysis of the use of our Website. Google AdSense also uses what are referred to as web beacons (invisible graphics). Web beacons can be used to evaluate information such as visitor traffic on websites. Using the cookies and web beacons, information is generated concerning the use of our Website, including IP addresses. The delivery of advertising formats is then transmitted to a Google server in the United States and stored there, as is the case for Google Analytics. The stored information can then be transmitted by Google to its contract partners. However, according to information from Google, the information that Google collects concerning your IP address is not merged with other stored data.
You can find additional information concerning data protection with Google here:
The “Google+” (Google Plus) plug-in is integrated into our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
When you visit our Website, your browser establishes a direct connection with the Google server, in turn transmitting the plug-in content to your browser and integrating this into the website being displayed. Through this, the information that you visited our Website is forwarded to Google.
If you are logged in to your personal Google Plus user account or Google during your visit to our Website, Google can associate the visit to our Website with this account. By interacting with plug-ins, e.g. by clicking the button or leaving a comment, this information will be transmitted directly to Google and stored there. Google stores information that you have given +1 for content as well as information about the site that you viewed by clicking on +1. Your +1 can be displayed as comments together with your profile name and your photo in Google services, such as in search results or on your Google profile or in other places on websites and advertisements online.
Google records information concerning your +1 activities according to its own information to improve Google services for you and other users. In order to use the + function buttons, you need a public Google profile that is visible worldwide and the profile must at least contain the name selected for the profile. This name is used for all Google services. In many cases, this name can also replace another name that you have used to share content via your Google account. The identity of your Google profile can be displayed to other users who know your e-mail address or who have other identifying information about you.
We do not have any influence on the scope and content of the data that Google collects using the function button. We expect that your IP address will be collected and transmitted, as well. You can find information concerning Google’s purpose, scope and use of the data collected in Google‘s privacy notice. You can find this website at https://www.google.com/intl/de/+/policy/+1button.html.
If you are a Google+ member or if you have logged in with Google and do not wish that Google collects data about you when visiting our Website or that it links with your member information stored with Google, you must log out of Google+ or Google prior to visiting our website.
Our Website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). A connection is established with LinkedIn servers with each visit to one of our websites containing LinkedIn functions. LinkedIn will be informed that you visited our Website using your IP address. If you click on the LinkedIn “Recommend button” and if you are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our Website with your LinkedIn user account. Please note that we have no information concerning the content of the data transmitted to LinkedIn or of its use by LinkedIn.
You can find more information concerning this in the LinkedIn Privacy Statement at https://www.linkedin.com/legal/privacy-policy.
Twitter service functions are integrated into our Website. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). By using Twitter and the re-tweet function, the websites that you visit are linked with your Twitter account and disclosed to other users. Data is also transmitted to Twitter in the process. Please note that we as providers and operators of the Website do not receive any information concerning the content of the data transmitted or of its use by Twitter. You can find more information concerning this in the Twitter Privacy Statement at https://twitter.com/privacy.
You can change your Twitter privacy settings in the account settings at: https://twitter.com/account/settings.
15. Transfer of Data to Third Parties
We only pass your personal information on to third parties if and insofar as you have expressly consented to this disclosure or if we are legally entitled or obligated to do so.
16. Data Security
We use appropriate technical and organisational measures to ensure that the data collected during use of offers we provide is protected against loss, incorrect changes or unauthorised access by third parties. Our security measures are revised on an ongoing basis pursuant to technological developments and adjusted accordingly.
17. Your Rights
Insofar as we process your personal data, you have the following rights as a data subject within the meaning of GDPR:
17.1. Right to Information
- You can demand confirmation from us whether we process personal data concerning you.
- Should this be the case, you can demand that we disclose to you the following information:
- the purposes for which the personal data is being processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom your personal data was or still is being disclosed;
- the intended duration of the storage of your personal data or, if specific information concerning this is not possible, the criteria for determining the storage period;
- the existence of your right to rectification or erasure of personal data concerning you, a right to restricting processing by the controller or a right to object to this processing;
- the existence of a right to appeal to a supervisory authority;
- all available information concerning the source of data if personal data about you is not collected from you but from third parties.
You have the right to demand information about whether the personal data concerning you is transmitted to a third country or international organisation. In this context, you may demand to be informed of the appropriate guarantees relating to this transmission pursuant to Art. 46 GDPR.
17.2. Right to Rectification
You have the right to rectification and/or completeness, if your personal information which we process is incorrect or incomplete. If this is the case, we will immediately make the rectification, provided we are technically able to do so.
17.3. Right to Restriction of Processing
You can demand that the processing of your personal data be restricted under the following conditions:
- if you dispute the accuracy of your personal data for a period that allows us to review for accuracy;
- if the processing of your data is unlawful and you decline to have your personal data erased and instead demand that the use of your personal data be restricted;
- if we no longer need your personal data for the purposes of the processing but you need it to establish, exercise and defend legal claims, or
- if you have entered an objection to the processing pursuant to Art. 21 para. 1 GDPR and you are uncertain whether our legitimate interests as a controller outweigh your grounds as a data subject.
If the processing of your personal data is restricted, this data may – aside from storage – only be processed with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing is limited pursuant to the above conditions, we will inform you of this before the restriction is lifted.
17.4. Right to Erasure
- You can demand that we immediately erase your personal data where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent on which the processing is based according to Art. 6 para. 1 letter a GDPR and where there is no other legal ground for the processing;
- you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing of your personal data for advertising purposes pursuant to Art. 21 para. 2 GDPR;
- the personal data has been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation;
- There is no right to erasure if the processing is necessary
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation or to perform a task in the public interest;
- to establish, exercise or defend legal claims.
17.5 Right to Data Portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller (provided this is technically feasible), provided
- the processing is based on consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR; and
- the processing is carried out by automated means.
To exercise your right to data portability, please send us an e-mail at [email protected].17.6. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 para. 1 letter e or f GDPR.
In this case we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. In this case, we will no longer process your personal data for such purposes.17.7. Right to Appeal to Supervisory Authority
Irrespective of other legal remedies, you have the right to appeal to a competent supervisory authority if you believe the processing of your personal data violates the GDPR.
18. Withdrawal of Consents
Insofar as the processing of personal data is based on your consent pursuant to Art. 6 para. 1 letter a GDPR, you may withdraw your consent at any time with effect in the future by e-mail to [email protected].
19. Contact / Information
You may direct all inquiries, statements and questions concerning data usage to our data protection officer
Phone: +49 40 790235236
or by mail to
Pinion Digital GmbH
1. Use of the fromAtoB app, collection of personal data when using the fromAtoB app
The fromAtoB app is another way to access the fromAtoB platform. Therefore, we use your data there as if you were accessing fromAtoB using our Website.
In addition, fromAtoB can also access your app-related data in this case, which we collect using Google Analytics / Firebase (cf. clause 3 below).
The necessary information is transmitted to the AppStore when you download the fromAtoB App, particularly your username, e-mail address and customer number for your (iOS or Android) account, the time of download, payment information and the individual device identification number. We have no influence on the collection of this data and are not responsible therefor. We only process the data insofar as it is needed to download the app to your mobile device.
We will not access data beyond the app, such as your calendar, photos, messages, etc. without your permission.
2. About App Usage Data Collected by Google Analytics / Firebase
2.1. The App uses Google Analytics for mobile Apps and Firebase, analytics services of Google Inc. (“Google”). The legal basis for using Google Analytics and Firebase is § 15 para. 3 TMG and. Art. 6 para. 1 letter f GDPR.
Google Analytics and Firebase use Google APIs, which enable analysis of the use of the app. The data normally collected pertaining to this is, inter alia:
- number of users and sessions
- session duration
- operating system
- device model
- initial launches
- app versions
- app updates
- in-app purchases
In addition, the following data is also collected for what is referred to as Firebase Performance Monitoring:
- general device information such as the model, operating system and orientation
- RAM and disk space
- mobile providers
- wireless/network information (e.g. WLAN, LTE, 3G)
- IP address
- signal strength
- jailbroken or rooting status of the device
- battery level and charging status
- app version
- app foreground or background status
- app package name
- anonymous app instance ID
network URLs (no URL parameter or subject matter regarding load capacity) and the following corresponding data:
- response codes (e.g. 403, 200)
- load capacity in bytes
- response times
- duration of automatic traces
You can find a complete list of the traces automatically captured in Firebase Performance Monitoring at https://firebase.google.com/docs/perf-mon/#howdoesit_work.
Firebase also uses an app instance ID generated on the app level to identify individual app installations. Generally speaking, the IDs for mobile devices (e.g. Android or iOS advertising ID) are captured using Firebase by means of technologies that function similarly to cookies. The advertising ID (where available) is captured in iOS and Android for this purpose. If the advertising ID is not available, the manufacturing ID (iOS) or the hardware ID for the device (e.g. Android IS – SSAID) is captured.
The data collected by Google Analytics / Firebase concerning the use of the app is generally transmitted to a Google server in the United States and stored there. The app was extended by the code “gat._anonymizeIp();” to ensure an anonymised collection of IP addresses (what is referred to as IP masking) by truncating the IP addresses of users within Member States of the European Union or other signatory states of the Agreement on the European Economic Area before Google transfers them to the United States. Only in exceptional cases will the complete IP address be transmitted to a Google server in the United States and truncated there. Google will use this information on our behalf in order to evaluate the usage of the app by the user, to compile reports concerning usage activities and to furnish additional services associated with use of the app. Google will transmit this information to third parties, where applicable, insofar as this is prescribed by law or to the extent that third parties process this data on behalf of Google. According to its own information, Google will not combine your IP address with other data stored by Google. You can find additional information about Google Analytics and Firebase at https://www.google.com/intl/de/policies/privacy/ and https://firebase.google.com/support/privacy/.
3. Push Services
fromAtoB App uses what are referred to as push services to send notifications to your device containing information about certain functions of the app, e.g. to inform you about us, system notifications, bookings, promotions, news or new functionalities.
You will only receive push notifications concerning the app if you have consented to them. For this purpose, you were asked for permission by your device prior to your initial use of the app whether the app could access the push function on your device. You can withdraw your consent at any time by, within the operating system settings for your device, deactivating the permission in the app to access the push function of your device.
Device tokens or registration IDs allocated to providers of your operating system are exchanged when you use the push services.
4. Facebook / Google Login
You can also register with fromAtoB and sign into the app by using your Facebook account or your Google account. To do so, it is necessary that you already be registered with Facebook or Google or that you create access. Please note that the terms of privacy and use for Facebook https://de-de.facebook.com/about/privacy/ or Google https://policies.google.com/privacy?hl=de apply to registration with and the use of Facebook. Your public profile is linked with your fromAtoB user account when you log in using your Facebook or Google account.
Updated: Feb 2019